Skip to content

Instantly share code, notes, and snippets.

View rodlevy's full-sized avatar

rodlevy

18 followers · 0 following
View GitHub Profile
@rodlevy
rodlevy / testNotSecret
Created February 2, 2016 20:47
def testNotSecret
end
@rodlevy
rodlevy / web_security.md
Created June 27, 2013 18:11

Web Security

This post outlines three common web security vulnerabilities with specific examples in Rails. For a more complete list, I highly recommend the OWASP Rails security cheatsheet.

Cross-Site Scripting (XSS)

A cross-site scripting attack is when malicious scripts are injected into a web site in order to compromise it.

For example, let's say we want to allow html tags such as <strong> in our blog comments, so we render raw output using the Rails method #html_safe:




  


  




    


          
    

      

        
        

          

              @rodlevy
          

          

            
                rodlevy
                / main.css
            
            

              Created
              June 18, 2013 13:42
            

          

        

      

        

  

    
    


        



  


  

        

          
          .container {
        

        

          
            /*
        

        

          
              If you have a block-level element of a certain width, margin: 0 auto;
        

        

          
              will how you center it inside its parent container.
        

        

          
          

        

        

          
              See: http://bluerobot.com/web/css/center1.html
        

        

          
              
        

        

          
              Don't change the container width.
        

        

          
            */
        

        

          
            margin: 0 auto;  
        

  





    


  




    


          
    

      

        
        

          

              @rodlevy
          

          

            
                rodlevy
                / jquery_quiz.js
            
            

              Created
              June 10, 2013 23:01
                — forked from dbc-challenges/jquery_quiz.js
            

          

        

      

        

  

    
    


        



  


  

        

          
          /* Here is your chance to take over Socrates!  
        

        

          
          

        

        

          
          

        

        

          
          Spend 10 minutes on each of the following hacks to the socrates website.
        

        

          
          Enter them in the console to make sure it works and then save
        

        

          
          your results here. 
        

        

          
          

        

        

          
          Choose a new pair for each. Add your names to the section you complete.
        

        

          
          */
        

  





    


  




    


          
    

      

        
        

          

              @rodlevy
          

          

            
                rodlevy
                / lucky_ajax.md
            
            

              Created
              June 4, 2013 17:35
                — forked from dbc-challenges/lucky_ajax.md
            

          

        

      

        

  

      

    
Instructions:


    

  1. Download this application skeleton.
    2. 

  2. Convert the app to use AJAX.
    3. 

  3. Add any files you changed to your gist and submit your code.
    4. 




  


  




    


          
    

      

        
        

          

              @rodlevy
          

          

            
                rodlevy
                / jquery_quiz.js
            
            

              Last active
              December 17, 2015 17:59
                — forked from dbc-challenges/jquery_quiz.js
            

          

        

      

        

  

    
    


        



  


  

        

          
          /* Here is your chance to take over Socrates!  
        

        

          
          

        

        

          
          

        

        

          
          Spend 10 minutes on each of the following hacks to the socrates website.
        

        

          
          Enter them in the console to make sure it works and then save
        

        

          
          your results here. 
        

        

          
          

        

        

          
          Choose a new pair for each. Add your names to the section you complete.
        

        

          
          */
        

        

          
          $('.site-content').css('background-color', 'red');
        

  





    


  




    


          
    

      

        
        

          

              @rodlevy
          

          

            
                rodlevy
                / zoo.js
            
            

              Created
              May 23, 2013 13:44
                — forked from dbc-challenges/zoo.js
            

          

        

      

        

  

    
    


        



  


  

        

          
          //------------------------------------------------------------------------------------------------------------------
        

        

          
          // YOUR CODE: Create your Zoo "object literal" and Animal "constructor" and "prototypes" here.
        

        

          
          //------------------------------------------------------------------------------------------------------------------
        

        

          
          

        

        

          
          

        

        

          
          

        

        

          
          //------------------------------------------------------------------------------------------------------------------
        

        

          
          // DRIVER CODE: Do **NOT** change anything below this point. Your task is to implement code above to make this work.
        

        

          
          //------------------------------------------------------------------------------------------------------------------