Krzysztof Kotowicz koto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (() => { | |
| if (!('rawHTML' in HTMLElement.prototype)) { | |
| const rules = { | |
| createHTML: (ignore, tpl) => { | |
| if (!Array.isArray(tpl) || !Array.isArray(tpl.raw) || tpl.raw.length != 1 /* it's all spoofable, but whatever */) { | |
| throw new TypeError("Use el.rawHTML`<html here with no interpolation>`"); | |
| } | |
| return tpl.join(""); | |
| } | |
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Sanitizer can produce TrustedHTML as long as its configuration respects sinks guarded by TT. | |
| // (HTML sinks are only guarded because they themselves could bypass restrictions of script.src etc.) | |
| // With the current sanitizer API (no XSS is possible via config), and current TT API (only native XSS sinks are guarded), | |
| // Sanitizer can always produce a TrustedHTML. | |
| trustedHTML = (new Sanitizer()).sanitizeToTrustedHTML('<div><script>removeme</script>') // yay! | |
| // If Web APIs add new native XSS sinks, they should be added simultaneously to TT and Sanitizer | |
| // Speculatively, in the future, if TT could guard other custom sinks in the DOM: |
koto
/ example.js
Last active
January 11, 2020 08:22
Support for custom types in Trusted Type policies.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Custom types for https://github.com/WICG/trusted-types/ | |
| // Allow a given TT policy to create custom unspoofable TrustedFoo instances. | |
| const installFoo = (policy, rule, policyFactory) => { | |
| const creatorSymbol = Symbol(); | |
| const map = new WeakMap(); | |
| // Some more defensive coding tricks can be applied here | |
| // See https://github.com/WICG/trusted-types/blob/master/src/trustedtypes.js for inspiration. | |
| class TrustedFoo { |
koto
/ gist:50550bf1ab02c0de59acff51f8066202
Last active
September 23, 2018 21:22
ZFF export screening times from your watchlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // go to https://zff.com/en/community/users/me/watch-list/ | |
| https://github.com/wanasit/chrono | |
| (function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.chrono = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){ | |
| !function(e,d){"object"==typeof exports&&"undefined"!=typeof module&&"function"==ty |
koto
/ angular 1.6 xss, no quotes,
Created
January 12, 2017 13:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta name="viewport" content="width=device-width"> | |
| <title>JS Bin</title> | |
| </head> | |
| <body> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Imports a public key to the key server. | |
| * @param {!e2e.openpgp.block.TransferablePublicKey} key The ASCII | |
| * armored or {e2e.openpgp.block.TransferablePublicKey} key to import. | |
| * @return {!e2e.async.Result.<boolean>} True if importing key is succeeded. | |
| */ | |
| e2e.openpgp.KeyClient.prototype.importPublicKey = function(key) { | |
| var uids = key.getUserIds(); | |
| if (uids.length != 1) { |
koto
/ gist:8678570
Created
January 28, 2014 23:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://w3c.github.io/webappsec/specs/subresourceintegrity/ | |
| issues: | |
| "3.3.2 Is resource eligible for integrity validation | |
| In order to mitigate an attackers ability to read data cross-origin by brute-forcing values via integrity checks, resources are only eligible for such checks if they are same-origin, publically cachable, or is the result of a granted the loading origin explicit access via CORS. [CORS] The following algorithm details these restrictions:" | |
| publically cacheable != attacker could could read them anyway. For example - cross origin intranet resources. What if intranet resource is publicly cacheable? still allows for bruteforcing intranet resource body from internet (SOP bypass) |
koto
/ credtest.php
Created
October 15, 2013 20:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <a id=a href="http://<?php | |
| $blacklist = ':@#"?`/\\'; | |
| for ($i = 33; $i < 255; $i++) { | |
| if (strpos($blacklist, chr($i)) !== false) { | |
| echo urlencode(chr($i)); | |
| } else | |
| //echo urlencode(chr($i)); |
koto
/ xssdetect.js
Created
December 1, 2012 22:05
reflected xss detection using xssauditor on phantomjs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var page = require('webpage').create(), | |
| system = require('system'), | |
| address; | |
| page.onInitialized = function () { | |
| page.evaluate(function () { | |
| // additional detection code here perhaps | |
| // f.e. detecting STORED/DOM XSS | |
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do | |
| # Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz | |
| # http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/ | |
| import string | |
| import zlib | |
| import sys | |
| import random | |
| charset = string.letters + string.digits + "%/+=" |
NewerOlder