I hereby claim:
- I am tacomanator on github.
- I am tacomanator (https://keybase.io/tacomanator) on keybase.
- I have a public key ASASnu6rU-Cg3GWbxPl9448xzIuDnaSd_BKQq1kuh289pAo
To claim this, I am signing this object:
13KGw6kSotkrr2US4KaMS8HM5119AiGp6Y https://explorer.blockstack.org/address/13KGw6kSotkrr2US4KaMS8HM5119AiGp6Y
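// Removes all classes beginning with prefix, and replaces them
// with a prefix+suffix class. For example:
//   $('#blah').addClass('foobaz');
//   $('#blah').replaceClasses('foo', 'baz');
// Note: prefix is inserted into a RegExp unescaped, so regex
// metacharacters in it are interpreted as pattern syntax.
jQuery.fn.replaceClasses = function(prefix, suffix) {
  var re = new RegExp('^' + prefix);
  return this.each(function() {
    var classes = this.className.split(/\s+/);
    var newClasses = [];
    var i = classes.length;
    // Keep every non-empty class that does not start with prefix.
    while (i--) {
      if (classes[i] && !re.test(classes[i])) newClasses.unshift(classes[i]);
    }
    newClasses.push(prefix + suffix);
    this.className = newClasses.join(' ');
  });
};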
A colleague and I were checking out the 3D view now built into Firefox. What a nifty way to visualize the page structure! Well, it turns out it also helped us discover a vulnerability in our web app. In particular, a bit of untrusted user input that we forgot to encode before outputting. Read on to find out how.
Care must be taken to encode all untrusted input before displaying it back to the user. Attackers can take advantage of unencoded output to embed malicious tags and run arbitrary scripts on another user's computer. While this is less of a risk when data is not shared among multiple users, one should still carefully encode output.
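require 'socket'
require 'timeout'
# Returns true if a TCP connection to ip:port succeeds within one second.
def is_port_open?(ip, port)
  begin
    Timeout::timeout(1) do
      begin
        s = TCPSocket.new(ip, port)
        s.close
        return true
      rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
        return false
      end
    end
  rescue Timeout::Error
    return false
  end
end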