
@limdauto
limdauto / google_python_style.md
Last active September 1, 2016 00:05
Lim's implementation of Google Python Style Guide

1. Automated style checking

Google recommends pychecker but either pylint or pyflakes will do as well. See this question on stackoverflow for a discussion of their advantages and disadvantages.

2. Indentation

4 spaces. No tab. 80-column wide. Period.

3. Blank lines

2 blank lines after top-level

def fnc1:
@limdauto
limdauto / karma.conf.js
Created July 4, 2013 13:06
Karma Unit Test Config
// Karma configuration
// Generated on Thu Jul 04 2013 01:24:00 GMT+0700 (ICT)
// base path, that will be used to resolve files and exclude
basePath = '../';
// list of files / patterns to load in the browser
files = [
@limdauto
limdauto / karma-e2e.conf.js
Last active December 19, 2015 08:39
Karma E2E Config
basePath = '../';
files = [
ANGULAR_SCENARIO,
ANGULAR_SCENARIO_ADAPTER,
'app/controllers.js',
'tests/e2e/*.js'
];
autoWatch = false;
<?php
// credit http://onwebdevelopment.blogspot.com/2008/08/xss-cross-site-scrpting-and-stealing.html
// XSS URL: xsss.php?name=%3Cscript%3Ewindow.onload=function(){alert(document.forms[0].password);}%3C/script%3E
// saved passwords will be accessed through document.forms[0].password
// and can easily be sent to the attackers via AJAX
echo $_GET['name'];
?>
<form action="login.php">
<!--
Source: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
Alice is currently authenticated to her bank website at bank.com. Maria, an attacker, can trick Alice
into sending her money by forging a request with Maria as the recipient of Alice's money and tricking Alice into
issuing that request against bank.com. This trick works because Alice is currently authenticated on bank.com and authorized
to send her money.
-->
<a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>
<?php
// Suppose attacker A cannot get a directory listing of MySite Inc.'s hidden JavaScript folders at http://mysite.com/hidden
// However, a cloud service B which provides a JS compressing service is used by MySite Inc. and therefore has access
// to the listing. Service B has a webpage called redirector.php which uses a dynamic URL input.
// Attacker A can simply use this redirector to get to the listing by accessing
// http://serviceb.com/redirector.php?url=hidden
$redirect_url = $_GET['url'];
header("Location: http://mysite.com/" . $redirect_url);
// PhantomJS Cheatsheet
$ brew update && brew install phantomjs # install PhantomJS with brew
phantom.exit();
var page = require('webpage').create();
page.open('http://example.com', function() {});
page.evaluate(function() { return document.title; });
@limdauto
limdauto / gist:2a23f946e2b3717beef0
Created October 4, 2014 10:38
parseMilliseconds.js
function parseMilliseconds_ (timeframe) {
var now = new Date().getTime();
var milliseconds = {
'hour': 60 * 60 * 1000,
'day': 24 * 60 * 60 * 1000,
'week': 7 * 24 * 60 * 60 * 1000,
'4weeks': 4 * 7 * 24 * 60 * 60 * 1000
};
if (milliseconds[timeframe])
@limdauto
limdauto / gulpfile.js
Created December 30, 2014 08:43
Lim's todojs build
'use strict';
var _ = require('lodash'),
browserify = require('browserify'),
compass = require('gulp-compass'),
concat = require('gulp-concat'),
conf = require('config'),
console = require('console-browserify'),
del = require('del'),
gulp = require('gulp'),
@limdauto
limdauto / vm-controller-distinction.js
Last active December 19, 2015 16:11
VM/Controller in Mithril Discussion
// some model holding data state
class TodoItem {
constructor() {
this.isAchieved = m.prop(false);
}
}
// vm holds application state -- http://lhorie.github.io/mithril-blog/what-is-a-view-model.html
class TodoVM extends SomeEventEmitter {
constructor() {