
Cookies

See section 6G of the book. This script was originally written by Scott Andrew. Copied and edited by permission. This article has been translated into French.

On this page I give three functions to save, read and erase cookies. First an introduction to cookies and a summary of document.cookie, followed by an example.

Cookies
Cookies were originally invented by Netscape to give 'memory' to web servers and browsers. This can be annoying in a number of ways. Cookies were invented to solve this problem. A cookie is nothing but a small text file that's stored in your browser. It contains:

- A name-value pair containing the actual data
- An expiry date after which it is no longer valid
- The domain and path of the server it should be sent to

As soon as you request a page from a server to which a cookie should be sent, the cookie is added to the HTTP header. So every time you visit the site the cookie comes from, information about you is available. Cookies can be read by JavaScript too.

Example

Regular Expressions As Functions
Monday, March 3rd, 2008

Firefox includes a non-standard JavaScript extension that makes regular expressions callable as functions. This serves as a shorthand for calling a regex's exec method. For example, in Firefox /regex/("string") is equivalent to /regex/.exec("string"). However, you can implement something similar by adding call and apply methods to RegExp.prototype, which could help with functional programming and duck-typed code that works with both functions and regular expressions.

// Mimic Firefox's callable regexes: call(context, str) is just exec(str)
RegExp.prototype.call = function (context, str) {
    return this.exec(str);
};
// apply(context, args) takes the subject string from the first argument
RegExp.prototype.apply = function (context, args) {
    return this.exec(args[0]);
};

Note that both of the above methods completely ignore the context argument. Because the array and null values returned by exec type-convert nicely to true and false, the above code allows you to use something like ["a","b","ab","ba"].filter(/^a/) to return all values that start with "a": ["a","ab"].

HttpOnly

Overview
The goal of this section is to introduce, discuss, and provide language-specific mitigation techniques for HttpOnly.

Who developed HttpOnly? When?
According to a daily blog article by Jordan Wiens, “No cookie for you!

What is HttpOnly?
According to the Microsoft Developer Network, HttpOnly is an additional flag included in a Set-Cookie HTTP response header. The example below shows the syntax used within the HTTP response header:

Set-Cookie: <name>=<value>[; <Max-Age>=<age>] [; expires=<date>][; domain=<domain_name>] [; path=<some_path>][; secure][; HttpOnly]

If the (optional) HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through client-side script (again, if the browser supports this flag). If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie, the HttpOnly flag will be ignored by the browser, thus creating a traditional, script-accessible cookie.

Mitigating the Most Common XSS attack using HttpOnly
C# Code:

Upside-Down-Ternet HowTo

Note: This guide was tested using Ubuntu 8.10. Previous versions may not work.

This is a HowTo for setting up Upside-Down-Ternet on Ubuntu. Basically, when a user browses the web, all the images are flipped upside-down. While it's not useful, it's quite a good April Fool's prank. The process uses a transparent proxy, web server, and script to flip the images. The proxy used in this guide is Squid v2.7.

Installation
There are two versions of Squid in the repositories, Squid 2.7 (package name squid) and Squid 3 (package name squid3); the former will be installed.

sudo apt-get install squid

Configuration
Squid's configuration file is located at /etc/squid/squid.conf. On the line starting with #http_access allow localnet, change it to read:

acl localnet src [your network range, e.g. 192.168.0.1/24]
http_access allow localnet

On the line starting with http_port 3128, append transparent so it reads:

http_port 3128 transparent

Find the section TAG: url_rewrite_program. Reload the configuration file:

JavaScript Timers with setTimeout and setInterval
Tutorial by Matt Doyle | Level: Intermediate | Published on 15 January 2007

In this tutorial we'll look at JavaScript's setTimeout(), clearTimeout(), setInterval() and clearInterval() methods, and show how to use them to set timers and create delayed actions. JavaScript features a handy couple of methods of the window object: setTimeout() and setInterval().

setTimeout()
window.setTimeout() allows you to specify that a piece of JavaScript code (called an expression) will be run a specified number of milliseconds from when the setTimeout() method was called.

setTimeout ( , );

where is the JavaScript code to run after milliseconds have elapsed. setTimeout() also returns a numeric timeout ID that can be used to track the timeout. Here's a simple example:

In the above simple example we embedded the entire code for our JavaScript alert box in the setTimeout() call.

clearTimeout()

clearTimeout ( );

Why?

JSMIN, The JavaScript Minifier
Douglas Crockford
www.crockford.com

JSMin is a filter which removes comments and unnecessary whitespace from JavaScript files.

What JSMin Does
JSMin is a filter that omits or modifies some characters. JSMin first replaces carriage returns ('\r') with linefeeds ('\n'). It omits spaces except when a space is preceded and followed by a non-ASCII character or by an ASCII letter or digit, or by one of these characters:

It is more conservative in omitting linefeeds, because linefeeds are sometimes treated as semicolons. and if it follows a non-ASCII character or an ASCII letter or digit or one of these characters:

No other characters are omitted or modified. JSMin knows not to modify quoted strings and regular expression literals. JSMin does not obfuscate, but it does uglify.

Before:
After:

Character Set
JSMin requires, but does not verify, that the character set encoding of the input program is either ASCII or UTF-8.

Caution
Be sure to retain your original source file.

a + ++b

Login/session cookies, Ajax and security

Upside-Down-Ternet
My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun. I'm starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock.

/etc/dhcpd.conf

IPtables is Fun!
Suddenly everything is kittens!

# DNAT lives in the nat table, so the rule must be added with -t nat
/sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -j DNAT --to-destination 64.111.96.38

For the uninitiated, this redirects all traffic to kittenwar. For more fun, we set iptables to forward everything to a transparent squid proxy running on port 80 on the machine.

# Only port 80 is redirected here, again in the nat table
/sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1

That machine runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of its local webserver.

The redirection script

Then the internet looks like this! I made xkcd - how cool is that?

20+ Brilliant and Advanced jQuery Effects

Every new technology has its own comparisons with its competitors, and jQuery is closely compared with Flash. Flash was the technology used by many web designers a while ago, but now it's the turn of jQuery to add special effects and interactivity to a website. jQuery makes it easier to create sophisticated custom effects and animations compared to Flash, and jQuery also takes the lead when it comes to SEO. Some of the stunning effects which jQuery can produce are sliding in different directions, adding easing to animations, effects like flip-in, sorting, zoom-in effects in photos, panning, creating a photo-shoot effect, slider effects and many more. So we present some links that show you demos of various brilliant and advanced effects; each gives you a clear picture in itself without the help of any tutor.

1. Apple-like retina effect
Achieve a retina-like effect as found in Apple iPhones with this plugin, using jQuery and CSS.
2. Aviaslider
3. Beautiful Background Image Navigation
