Things
Return Alert 1 to win A series of XSS challenges: here's some unsafe code; exploit it! Shortest code wins.
Regex golf A series of regex-writing challenges (now also on SPOJ)
Zip Quine A ZIP file that contains itself. Best paid code I ever wrote.

Testing Tools
Chargen Generate test pages from the URL.
Send File to get files from something with a browser to a real machine (and also hints for the other direction)
SHA1 collision maker
DNS On-the-fly DNS
Screen Test to quickly check if the resolution is 1:1
BitCalc Whiteboard for explaining bit-twiddling algorithms (example: x&-x, snoob)
Old Security Stuff
Flash XSS Traps Adobe forgot to escape backslashes, so every Flash file that passes strings to JavaScript had XSS.
Stealing Tokens With Harmony The ServiceWorker is a problem if you have a 'user content' domain (like Dropbox)
Webkit URLs A tragedy in seven parts (so far)
Safari Reader UXSS A non-hostname-based Safari bug