

These are some things


Return true to Win A series of JavaScript challenges.

Alert 1 to win A series of XSS challenges: here's some unsafe code; exploit it! Shortest code wins.

Regex golf A series of regex-writing challenges (now also on SPOJ)

Zip Quine A ZIP file that contains itself. Best paid code I ever wrote.

Testing tools

Chargen Generate test pages from the URL.

DNS On-the-fly DNS

Screen Test to quickly check if the resolution is 1:1

BitCalc Whiteboard for explaining bit-twiddling algorithms (example: x&-x, snoob)

Security stuff

Flash XSS Traps Adobe forgot to escape backslashes, so every Flash file that passes strings to JavaScript had XSS.

Stealing Tokens With Harmony The Proxy feature in ES6 opened a new XSSI vector.

ServiceWorker is a problem if you have a 'user content' domain (like Dropbox)

Webkit URLs A tragedy in seven parts (so far)

Safari Reader UXSS A non-hostname-based Safari bug

Complaints to @steike.