| (((accru|spous)i|(adorn|align|amend|assay|b(eep|ray)|bawl|belay|bilk|bl(eat|eep|oop|urt)|braid|bruit|c(aulk|h(arm|aw|eep)|heat|hurn|oil)|caper|clack|clamp|cli(mb|nk)|croon|d(ec(ay|oy)|unk)|endow|flay|foray|frown|gait|gasp|gawp|glean|gr(asp|eet)|groom|hail|heist|hint|hoard|j(eer|ink)|kneel|l(isp|o(af|ot)|urk)|maim|maul|meld|moil|mump|oust|pl(ait|ead)|pr(ay|ey|ink)|prowl|quilt|r(aid|ant|eam|oam|olf)|scold|sculk|shark|shear|shirk|shout|skink|skirt|skulk|snook|snort|sorn|sp(ank|ew|urn)|spell|spiel|spo(ol|ut)|spray|stain|stint|stomp|stoo[kp]|str(ay|oy)|swarm|teem|tempt|thump|tout|trail|tweet|usurp|w(ank|oof)|waken|wreak|y(arn|awn|elp)|yearn|yowl)i|(batc|belc|ditc|fetc|filc|lurc|mooc|notc|shus|slas|wenc)hi|(chair|stunt)i|(clasp|learn)i|(codd|dabb)i|(embow|scalp)i|(hoax|nosh)i|(moan|scorn|thank)i|(perus|refut)i|(shew|strew)i|(slack|slick)i|(striv|thriv)i|abyi|admiri|adori|advisi|aidi|amassi|ampi|antei|argui|arisi|arousi|autoi|awardi|awi|bachi|baiti|bangi|banni|bargi|bathi|bayi|berimi|blanki|b | |
| lari|blendi|blessi|blit |
hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.
3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.
I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:
By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k
Disclaimer: I'm in the Top 1% of StackOverflow contributors with 23,315 rep points.
I asked 1 high-quality question in 2024, and it was closed almost immediately, and I haven't engaged with the site since.
If someone with 20,000+ karma has their nicely-formatted questions closed so quickly, what must the newbies and rank-in-file encounter? This is probably a big reason why it's declining.
| // 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks. | |
| // You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/) | |
| (() => { | |
| const SHOW_SIDES = false; // color sides of DOM nodes? | |
| const COLOR_SURFACE = true; // color tops of DOM nodes? | |
| const COLOR_RANDOM = false; // randomise color? | |
| const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com) | |
| const MAX_ROTATION = 180; // set to 360 to rotate all the way round | |
| const THICKNESS = 20; // thickness of layers | |
| const DISTANCE = 10000; // ¯\\_(ツ)_/¯ |
| storybook:test-runner8: | |
| image: mcr.microsoft.com/playwright:v1.39.0-jammy | |
| stage: build-and-test | |
| artifacts: | |
| expire_in: 2 weeks | |
| when: always | |
| paths: | |
| - .storybook-images/__diff_output__/ | |
| - .storybook-images/__received_output__/ | |
| before_script: |
This gist is a simple no-brainer description of the 3 ways (actually 2.5) the Web handle events.
The declarative inline HTML event listener is mostly an indirection of DOM Level 0 events, meaning this simply uses the equivalent of tag.onclick = listener behind the scene.
click me
| { | |
| "Gore": [ | |
| "Blood", "Bloodbath", "Crucifixion", "Bloody", "Flesh", "Bruises", "Car crash", "Corpse", "Crucified", "Cutting", "Decapitate", "Infested", "Gruesome", "Kill (as in Kill la Kill)", "Infected", "Sadist", "Slaughter", "Teratoma", "Tryphophobia", "Wound", "Cronenberg", "Khorne", "Cannibal", "Cannibalism", "Visceral", "Guts", "Bloodshot", "Gory", "Killing", "Surgery", "Vivisection", "Massacre", "Hemoglobin", "Suicide", "Female Body Parts" | |
| ], | |
| "Drugs": [ | |
| "Drugs", "Cocaine", "Heroin", "Meth", "Crack" | |
| ], | |
| "Clothing": [ | |
| "no clothes", "Speedo", "au naturale", "no shirt", "bare chest", "nude", "barely dressed", "bra", "risqué", "clear", "scantily", "clad", "cleavage", "stripped", "full frontal unclothed", "invisible clothes", "wearing nothing", "lingerie with no shirt", "naked", "without clothes on", "negligee", "zero clothes" | |
| ], |
| import z from "zod"; | |
| export async function safeFetch<T>( | |
| schema: z.Schema<T>, | |
| input: RequestInfo, | |
| init?: RequestInit | |
| ): Promise<T> { | |
| const response = await fetch(input, init); | |
| if (!response.ok) { |
All of the following values for the <script type=" ••• "> will cause inline or external JavaScript to execute:
| Value | Note |
|---|---|
"" |
The default value of script.type (eg: no type attribute present) |
"text/javascript" |
The official JavaScript MIME type |
"application/javascript" |
Legacy MIME type from when semantics mattered |
"text/x-javascript" |
Legacy MIME type from before JavaScript was accepted as a valid MIME type |