limdauto

// some model holding data state
class TodoItem {
  constructor() {
    this.isAchieved = m.prop(false);
  }
}

// vm holds application state -- http://lhorie.github.io/mithril-blog/what-is-a-view-model.html
class TodoVM extends SomeEventEmitter {
  constructor() {

limdauto

'use strict';

var _           = require('lodash'),
    browserify  = require('browserify'),
    compass     = require('gulp-compass'),
    concat      = require('gulp-concat'),
    conf        = require('config'),
    console     = require('console-browserify'),
    del         = require('del'),
    gulp        = require('gulp'),

limdauto

function parseMilliseconds_ (timeframe) {
  var now = new Date().getTime();
  var milliseconds = {
    'hour': 60 * 60 * 1000,
    'day': 24 * 60 * 60 * 1000,
    'week': 7 * 24 * 60 * 60 * 1000,
    '4weeks': 4 * 7 * 24 * 60 * 60 * 1000
  };

  if (milliseconds[timeframe])

limdauto

// PhantomJS Cheatsheet

$ brew update && brew install phantomjs  // install PhantomJS with brew

phantom.exit();

var page = require('webpage').create();

page.open('http://example.com', function() {});
page.evaluate(function() { return document.title; });

limdauto

<?php

// Suppose attacker A cannot get a directory listing from MySite Inc. hidden JavaScript folders at http://mysite.com/hidden
// However, a cloud service B which provides JS compressing service is used by MySite Inc and therefore has accessed
// to the listing. Service B has a webpage called redirector.php which uses dynamic url input.
// Attacker A can simply use this redirector to get to the listing by accessing
// http://serviceb.com/reidrector.php?url=hidden

$redirect_url = $_GET['url'];
header("Location: http://mysite.com/" . $redirect_url);

limdauto

<!-- 
Source: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Alice is current authenticated in her bank website at bank.com. Maria, an attacker, can trick Alice 
into sending her money through forging a request with Maria as the recipient of Alice's money and tricking Alice into
issuing the request against bank.com. This trick works because Alice is currently authenticated on bank.com and authorized
to send her money. 

-->
<a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>

limdauto

<?php
// credit http://onwebdevelopment.blogspot.com/2008/08/xss-cross-site-scrpting-and-stealing.html
// XSS URL: xsss.php?name=%3Cscript%3Ewindow.onload=function(){alert(document.forms[0].password);}%3C/script%3E
// saved passwords will be accessed through document.forms[0].password
// and can easily be sent to the attackers via AJAX
echo $_GET['name'];

?>

<form action="login.php">

limdauto

basePath = '../';

files = [
    ANGULAR_SCENARIO,
    ANGULAR_SCENARIO_ADAPTER,
    'app/controllers.js',
    'tests/e2e/*.js'
];

autoWatch = false;

limdauto

// Karma configuration
// Generated on Thu Jul 04 2013 01:24:00 GMT+0700 (ICT)


// base path, that will be used to resolve files and exclude
basePath = '../';


// list of files / patterns to load in the browser
files = [

limdauto

1. Automated style checking

Google recommends pychecker but either pylint or pyflakes will do as well. See this question on stackoverflow for a discussion of their advantages and disadvantages.

2. Indentation

4 spaces. No tab. 80-column wide. Period.

3. Blank lines

2 blank lines after top-level

def fnc1: