alf.nu

Hello

These are some things

Things

Regex golf - A series of regex-writing challenges (now also on SPOJ)

Alert 1 to win - A series of XSS challenges: here's some unsafe code; exploit it! Shortest code wins.

Return true to Win - ECMAScript golf. When does this function return true?

Zip Quine - A ZIP file that contains itself. Best paid code I ever wrote.

Testing tools

Chargen - Generate test pages from the URL.

DNS - On-the-fly DNS

Some bugs

Flash XSS Traps - Adobe forgot to escape backslashes, so every Flash file that passes strings to JavaScript had XSS.

Stealing Tokens With Harmony - The Proxy feature in ES6 opened a new XSSI vector.

ServiceWorker is a problem if you have a 'user content' domain. It could be used to steal files from Dropbox.

Complaints to @steike.