Skip to content

Instantly share code, notes, and snippets.

View tacomanator's full-sized avatar

Drew Goodwin tacomanator

View GitHub Profile

Keybase proof

I hereby claim:

  • I am tacomanator on github.
  • I am tacomanator (https://keybase.io/tacomanator) on keybase.
  • I have a public key ASASnu6rU-Cg3GWbxPl9448xzIuDnaSd_BKQq1kuh289pAo

To claim this, I am signing this object:

13KGw6kSotkrr2US4KaMS8HM5119AiGp6Y https://explorer.blockstack.org/address/13KGw6kSotkrr2US4KaMS8HM5119AiGp6Y
// Removes all classes beginning with prefix, and replaces them
// with a prefix+suffix class. For example:
// $('#blah').addClass('foobaz');
// $('#blah').replaceClasses('foo', 'baz');
jQuery.fn.replaceClasses = function(prefix, suffix) {
var re = new RegExp('^' + prefix);
return this.each(function() {
var classes = this.className.split(/\s+/);
var newClasses = [];
var i = classes.length;
@tacomanator
tacomanator / gist:3127271
Created July 17, 2012 05:00
Firefox 3D view helps spot application vulnerabilities

Firefox 3D view helps spot application vulnerabilities

A colleague and I were checking out the 3D view now built into Firefox. What a nifty way to visualize the page structure! Well, it turns out it also helped us discover a vulnerability in our web app. In particular, a bit of untrusted user input that we forgot to encode before outputting. Read on to find out how.

Why this is important

Care must be taken to encode all untrusted input before displaying it back to the user. Attackers can take advantage of unencoded output to embed malicious tags and run arbitrary scripts on another users' computer. While this is less of a risk when data is not shared among multiple users, one should still carefully encode output.

How 3D view helps

@tacomanator
tacomanator / .autotest
Created May 12, 2012 17:49
Autotest runner for use with Minitest/Spork/Growl/fsevent. Starts Spork if it's not already running.
require 'socket'
require 'timeout'
def is_port_open?(ip, port)
begin
Timeout::timeout(1) do
begin
s = TCPSocket.new(ip, port)
s.close
return false