A Flash advertisement, hosted on http://ad.com/ad.swf, displayed on http://yoursite.com, can get cookie and send it to ad.com.
Example setup: http://pastehtml.com/view/1dntfa4.html
A swf is hosted on dl.dropbox.com. And it gets document.cookie of pastehtml.com and sends it to dl.dropbox.com.
The swf is using ExternalInterface.call() to execute arbitrary javascript.
This technique is explained here:
http://lcamtuf.blogspot.com/2011/03/other-reason-to-beware-of.html
Code:
So, you can execute arbitrary javascript by passing a string to ExternalInterface.call():
"\\")); YOUR SCRIPT HERE }catch(e){}//""
And, you can do cross domain xhr using swf (only to the domain where swf is hosted at).
Wednesday, March 16, 2011
Sunday, January 2, 2011
minecraft ubuntu ibus keyboard problem
ibus blocks input for minecraft or some java games (https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/481656)
so, launch those java programs with XMODIFIERS=
so, launch those java programs with XMODIFIERS=
XMODIFIERS= java -Xmx512M -cp Minecraft.jar net.minecraft.LauncherFrame
Thursday, December 16, 2010
llvm setup
LLVM Getting Started
mv ~/Downloads/clang-2.8 ~/Downloads/llvm-2.8/tools/clang
cd ~/Downloads/llvm-2.8
./configure --prefix=~/opt/llvm
make -j 12
make install
cd ~/opt/llvm
ctags -R --c++-kinds=+p --fields=+iaS --extra=+q --language-force=C++ $HOME/opt/llvm/include
mv tags ~/.vim/tags/llvm
~/.vimrc
"au BufAdd,BufNewFile * nested tab sball
set tags+=~/.vim/tags/llvm
nmap <C-\> :tab split<CR>:normal evBy<CR>:exec "tag " . @"<CR>
Friday, December 10, 2010
Setting Node properties using SlingPostServlet
SlingPostServlet is handy
To have a multi-value property that has one value, use propname@TypeHint
More stuff here: http://www.unc.edu/home/adamc/post-servlet.html
And here's script that lets you set up a test page if you are using Day CQ and ExtJS
To have a multi-value property that has one value, use propname@TypeHint
curl -u admin:admin -F'foo=bar' -F'foo@TypeHint=String[]' http://localhost:8888/some/pathMore stuff here: http://www.unc.edu/home/adamc/post-servlet.html
And here's script that lets you set up a test page if you are using Day CQ and ExtJS
#!/bin/bash
if (( $# < 1 ))
then
echo "Creates /apps/sandbox/*"
echo "Usage: $0 project_name [host] [cred]"
echo "ex, $0 test-project localhost:4502 admin:admin"
exit 1
fi
name="$1"
host="localhost:4502"
cred="admin:admin"
if (( $# >= 2 ))
then
host="$2"
fi
if (( $# >= 3 ))
then
cred="$3"
fi
path="/apps/sandbox/$name"
left="http://${host}${path}"
category="sandbox.$name"
function createComponent() {
curl -s -u "$cred" \
-F'jcr:primaryType=cq:Component' \
-F"sling:resourceType=$path" \
"$left" > /dev/null 2>&1
}
function uploadJsp() {
curl -s -u "$cred" \
-T - "$left/html.jsp" > /dev/null 2>&1 <<HEREDOC
<%@include file="/libs/foundation/global.jsp"%>
<%@page import="com.day.cq.widget.HtmlLibraryManager"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>$path</title>
<%
final HtmlLibraryManager manager = sling.getService(HtmlLibraryManager.class);
if (manager != null) {
manager.writeCssInclude(slingRequest, out, "$category");
manager.writeJsInclude(slingRequest, out, "$category");
} else {
out.write("BAD");
}
%>
</head>
<body>
<h1>Sandbox $name</h1>
</body>
</html>
HEREDOC
}
function createWidget() {
curl -s -u "$cred" \
-F'jcr:primaryType=cq:ClientLibraryFolder' \
-F'sling:resourceType=widgets/clientlib' \
-F"categories=$category" \
-F'categories@TypeHint=String[]' \
-F'dependencies=cq.widgets' \
-F'dependencies@TypeHint=String[]' \
"$left/widgets" > /dev/null 2>&1
}
function uploadJsTxt() {
curl -s -u "$cred" \
-T - "$left/widgets/js.txt" > /dev/null 2>&1 <<HEREDOC
#base=source
script.js
HEREDOC
}
function createSource() {
curl -s -u "$cred" \
-F'jcr:primaryType=nt:folder' \
"$left/widgets/source" > /dev/null 2>&1
}
function uploadJs() {
curl -s -u "$cred" \
-T - "$left/widgets/source/script.js" > /dev/null 2>&1 <<HEREDOC
CQ.Ext.onReady(function() {
//entry point
CQ.Ext.Msg.alert('Sandbox $name', 'Hello World!');
});
HEREDOC
}
echo -n "creating cq:Component $path... "
createComponent || exit 1
echo "DONE"
echo -n "uploading html.jsp... "
uploadJsp || exit 1
echo "DONE"
echo -n "creating widgets... "
createWidget || exit 1
echo "DONE"
echo -n "uploading js.txt... "
uploadJsTxt || exit 1
echo "DONE"
echo -n "creating source directory... "
createSource || exit 1
echo "DONE"
echo -n "uploading script.js... "
uploadJs || exit 1
echo "DONE"
echo "You may visit: $left.html"Thursday, December 9, 2010
reading extjs docs locally
- download extjs
- unzip the file
- cd extjs-3.1.1/docs
- python -m SimpleHTTPServer 8080
- http://localhost:8080
Thursday, December 2, 2010
ats on windows
to install ats on windows, you need cygwin.
in cygwin you need:
- g++
- make
- gmp
- maybe automake
then,
cd ats-x.x.x
./configure --prefix=/cygdrive/c/opt/ats
make
before make install, you need to modify Makefile.
- find install: target
- quote cd "$(abstopsrcdir)" && ..
and in ~/.bashrc, you need something like:
OPT_DIR=/cygdrive/c/home/opt
export ATSHOME="${OPT_DIR}/ats/lib/ats-anairiats-0.2.2"
export ATSHOMERELOC="ATS-0.2.2"
export PATH="$ATSHOME/bin:$PATH"
and atscc is available
Sunday, August 8, 2010
lua readline tab completion
#!/bin/bash
LUA_HOME="$HOME/opt/lua"
LUA_PATH="$LUA_PATH;$LUA_HOME/?.lua" LUA_CPATH="$LUA_CPATH;$LUA_HOME/?.so" "$LUA_HOME/bin/lua" -lreadline -lcomplete $*
where readline and complete are from http://lua-users.org/wiki/CompleteWithReadline
use readline.c and complete.lua. You don't have to patch lua.c.
read http://www.lua.org/manual/5.1/manual.html#pdf-package.loaders to know how to use LUA_PATH and LUA_CPATH. question mark (?) in LUA_PATH or LUA_CPATH is replaced with foo when you do require("foo"). And, when you do require("foo.bar"), it searches for foo/bar.lua or foo/bar.so if LUA_(C)PATH.
Friday, February 26, 2010
LLVM build on MinGW
building llvm-2.6
- download and install MinGW
- download and install cmake
- download llvm
- tar xvzf llvm-2.6.tar.gz
- mkdir llvm-cmake
- cd llvm-cmake
- cmake -G "MinGW Makefiles" ..\llvm-2.6
- it'll fail
- open CMakeCache.txt
- write CMAKE_C_COMPILER_ENVVAR:FILEPATH=C:/MinGW/bin/gcc.exe
- cmake -G "MinGW Makefiles" ..\llvm-2.6
- mingw32-make
For llvm 2.7,
- unzip llvm-2.7
- unzip clang source under llvm-27/tools/clang
- cd llvm-cmake
- cmake -G "MinGW Makefiles" -DCMAKE_INSTALL_PREFIX="/home/opt/llvm" ..\llvm-2.7
- mingw32-make DESTDIR=C: install
Tuesday, February 16, 2010
v8 on mingw
- install python
- install scons
- install svn
- checkout v8
svn checkout http://v8.googlecode.com/svn/trunk/ v8 - edit Sconstruct and comment out
-Werror(maybe there's a way to disable it from command line)vim v8/SConstruct cd v8sconsg++ -Iinclude samples\shell.cc libv8.a -lwinmm -lws2_32 -o v8.exe
Saturday, December 12, 2009
adds openconsole right click context:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\Folder\shell]
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\openconsole]
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\openconsole\command]
@="\"C:\\home\\opt\\Console2\\bin\\release\\Console.exe\" -d \"%L\""
adds openbash right click context (needs msys and Console2 tab named "Bash" where shell is set to C:\msys\1.0\bin\bash.exe):
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\Folder\shell]
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\openbash]
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\openbash\command]
@="\"C:\\home\\opt\\Console2\\bin\\release\\Console.exe\" -t Bash -d \"%L\""
Subscribe to:
Posts (Atom)