I hereby claim:
- I am helhum on github.
- I am helhum (https://keybase.io/helhum) on keybase.
- I have a public key whose fingerprint is B367 F506 636E E4BA 5A20 0D30 D267 B02C 5A83 969C
To claim this, I am signing this object:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| error_reporting(E_ALL); | |
| class request {} | |
| class_alias('request', 'old_request'); | |
| interface foo { | |
| public function baz(\request $request); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {namespace t=Helhum\TyposcriptRendering\ViewHelpers} | |
| <button class="ajax-button" data-ajaxUri="{t:uri.ajaxAction(action: 'foo', controller: 'bar') -> f:format.htmlentities()}"> | |
| Click Me | |
| </button> | |
| <script type="text/javascript"> | |
| jQuery.ajax( | |
| jQuery(".ajax-button").data("ajaxUri") | |
| ).done( |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace Helhum\ProcessingServices\Resource\Processing; | |
| use TYPO3\CMS\Core\Utility; | |
| class YoutubeProcessing { | |
| /** | |
| * @var \TYPO3\CMS\Core\Resource\Processing\LocalImageProcessor | |
| */ | |
| protected $processor; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RewriteEngine On | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteCond %{REQUEST_FILENAME} !-d | |
| RewriteCond %{REQUEST_FILENAME} !-l | |
| RewriteRule .* /index.php [L] |
helhum
/ index.html
Created
April 20, 2014 09:16
Correctly (HTML) encoded values can lead to XSS when re-used in JavaScript context
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Value = <h1>Hello</h1> | |
| <!-- Assuming {Value} will be correctly encoded for HTML attribute context --> | |
| <a href="/foo" id="foo" title="{Value}">{Value}</a> | |
| <div id="targetEl"></div> | |
| <script> | |
| // This kind of JS can still lead to XSS |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace Helhum\Example\Controller; | |
| /*************************************************************** | |
| * Copyright notice | |
| * | |
| * (c) 2014 Helmut Hummel | |
| * | |
| * All rights reserved | |
| * |
helhum
/ ClassLoader.php
Created
September 2, 2013 13:05
Simple PSR-0 class loader for one extension
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace Bitmotion\NawSecuredl\Core; | |
| /*************************************************************** | |
| * Copyright notice | |
| * | |
| * (c) 2013 Helmut Hummel ([email protected]) | |
| * All rights reserved | |
| * | |
| * This script is part of the Typo3 project. The Typo3 project is |
NewerOlder