
xss-filters - Secure XSS Filters

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special HTML entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).

Figure 1. "Just sufficient" encoding based on the HTML5 spec.

string.js - Extra JavaScript string methods.

  •    Javascript

string.js, or simply S, is a lightweight (< 5 kb minified and gzipped) JavaScript library for the browser or for Node.js that provides extra String methods. Originally, it modified the String prototype. But I quickly learned that in JavaScript, this is considered poor practice. Personally, I prefer the cleanliness of the way code looks when it appears to be native methods, i.e. when you modify native JavaScript prototypes. However, if any app dependency required string.js, then the app's string prototype would be modified in every module. This could be troublesome. So I settled on creating a wrapper a la jQuery style. For those of you prototype hatin' fools, there is the method extendPrototype().

termbox - Library for writing text-based user interfaces

  •    C

Termbox is a library that provides a minimalistic API which allows the programmer to write text-based user interfaces. It is based on a very simple abstraction. The main idea is viewing terminals as a table of fixed-size cells and input as a stream of structured messages. It would be fair to say that the model is inspired by the Windows console API. The abstraction itself is not perfect and it may create problems in certain areas. The most sensitive ones are copy & pasting and wide characters (mostly Chinese, Japanese and Korean (CJK) characters). When it comes to copy & pasting, the notion of cells is not really compatible with the idea of text. And CJK runes often require more than one cell to display them nicely. Despite the mentioned flaws, using such a simple model brings benefits in the form of simplicity. And the KISS principle is important.

vmware_escape - VMware Escape Exploit before VMware WorkStation 12.5.5

  •    C


voca - The ultimate JavaScript string library

  •    Javascript

The Voca library offers helpful functions to make string manipulation comfortable: change case, trim, pad, slugify, latinise, sprintf'y, truncate, escape and much more. The modular design allows loading the entire library, or individual functions to minimize the application build size. The library is fully tested, well documented and long-term supported. Voca can be used in various environments.

node-charm - ansi control sequences for terminal cursor hopping and colors

  •    Javascript

Use ANSI terminal escape sequences to write colors and cursor positions. Charm objects pass along the data events from their input stream, except for events generated from querying the terminal device.

jsesc - Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data

  •    Javascript

For any input, jsesc generates the shortest possible valid printable-ASCII-only output. jsesc's output can be used instead of JSON.stringify's to avoid mojibake and other encoding issues, or even to avoid errors when passing JSON-formatted data (which may contain U+2028 LINE SEPARATOR, U+2029 PARAGRAPH SEPARATOR, or lone surrogates) to a JavaScript parser or a UTF-8 encoder.


secure-handlebars - Handlebars Context Pre-compiler

  •    Javascript

Check out the latest slide deck, presented at OWASP AppSec USA 2015. Imagine a template is written like so: <a href="{{url}}">{{url}}</a>. When it is compiled with untrusted user data like {"url": "javascript:alert(666)"}, secure-handlebars automatically applies contextual escaping and generates the HTML <a href="x-javascript:alert(666)">javascript:alert(666)</a> as a result.

node-term-css - style terminal output using CSS

  •    Javascript

Terminal CSS styling using node-css. term-css substitutes tokens with properties of the object passed; for example {name} will access { name: "tobi" }, whereas {labels.visits} will access { labels: { visits: 'Visits' } }.

sqlstring - Simple SQL escape and format for MySQL

  •    Javascript

Caution: These methods of escaping values only work when the NO_BACKSLASH_ESCAPES SQL mode is disabled (which is the default state for MySQL servers). The format() method looks similar to prepared statements in MySQL; however, it really just uses the same SqlString.escape() method internally.

ansi-regex - Regular expression for matching ANSI escape codes

  •    Javascript

Some of the codes we run as a test are codes that we acquired by finding various lists of non-standard or manufacturer-specific codes. We test for both standard and non-standard codes, as most of them follow the same or similar format and can be safely matched in strings without the risk of removing actual string content. There are a few non-standard control codes that do not follow the traditional format (i.e. they end in numbers), thus forcing us to exclude them from the test because we cannot reliably match them.

On the historical side, those ECMA standards were established in the early 1990s, whereas the VT100, for example, was designed in the mid/late 1970s. At that point in time, control codes were still pretty ungoverned and engineers used them for a multitude of things, namely to activate hardware ports that may have been proprietary. Somewhere else you see a similar 'anarchy' of codes is in the x86 processor architecture; there are a ton of "interrupts" that can mean different things on certain brands of processors, most of which have been phased out.