Copy/pastable script to try out the latest version of Draftail on any Wagtail site.
- Log into a Wagtail site's admin interface
- Open the developer tools
Thibaud Colas thibaudcolas
😀
thibaudcolas
/ README.md
Last active
March 6, 2018 18:34
Draft.js known issues https://github.com/springload/draftail/issues/138
Draftail is based on Draft.js, and most of the editor's behavior (and bugs) comes from the framework. In the interest of tracking potential problems with the end product, here are Draft.js issues known to affect Draftail according to my testing.
When reporting an issue on Draftail, hopefully this issue will stand out and the work of tracking down the cause is simpler.
thibaudcolas
/ README.md
Last active
March 20, 2018 16:24
With responsive text-only initials placeholder
⚠ this relies on an XSS injection. Use at your own risk.
Copy and paste in your browser's console:
s = document.createElement('script'); s.src = 'https://rawgit.com/thibaudcolas/8a5f1afe4307354a3c547e13bd08410b/raw/ce44137409e5fce0088277bf7687a88217b9ad23/s.js'; document.querySelector('head').appendChild(s);
thibaudcolas
/ README.md
Last active
September 6, 2018 10:09
Sample file structure for a large-scale React project
Sample file structure for a large-scale React + React Native codebase. All of the code of the project is under a single repository, with three sub-projects:
server– the back-end written in Node (or whatever)web– the web front-end with React, Redux, React Router, Jestmobile– the mobile apps with React Nativeglobal– code that is shared between all codebases.
Folders only, then folders and files:
thibaudcolas
/ pre-commit
Last active
July 12, 2019 11:53
Basic Prettier pre-commit hook, to put in your project’s .git/hooks folder, and make executable with `chmod +x .git/hooks/pre-commit`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Put this in your project’s `.git/hooks`, and make it executable with `chmod +x .git/hooks/pre-commit`. | |
| # Fail on first line that fails. | |
| set -e | |
| # Only keep staged files that are added (A), copied (C) or modified (M). | |
| STAGED=$(git --no-pager diff --name-only --cached --diff-filter=ACM) | |
| # Files which are only partly staged (eg. git add --patch). |
thibaudcolas
/ README.md
Last active
July 5, 2020 20:54
Potential timing attack vulnerability in django-basic-auth-ip-whitelist username and password validation
Potential timing attack vulnerability in django-basic-auth-ip-whitelist username and password validation
- Date: 2020-04-20
- Project: django-basic-auth-ip-whitelist
- Vulnerability: Timing attack (side-channel attack)
- Severity: based on similar vulnerabilities this would be a Moderate severity, 3.7 CVSS score
Vulnerable code: baipw/utils.py#L66
thibaudcolas
/ README.md
Last active
July 5, 2020 20:54
Potential timing attack vulnerability in Wagtail’s password-protected private pages
- Date: 2020-04-21
- Project: wagtail
- Vulnerability: Timing attack (side-channel attack)
- Severity: based on similar vulnerabilities this would be a Moderate severity, 3.7 CVSS score
Vulnerable code: wagtail/core/forms.py#L16, in all versions from v0.8.8 onwards.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module.exports = { | |
| defaults: { | |
| headers: { | |
| Authorization: `Basic ${Buffer.from("username:password").toString("base64")}`, | |
| }, | |
| standard: "WCAG2AAA", | |
| runners: ["axe", "htmlcs"], | |
| }, | |
| urls: ["https://www.example.com/"], | |
| }; |