alf.nu

Erling Ellingsen

These are some things

Things

Shelfbrain Holy Trinity of Human Spelling A dictionary generated by GPT-2. On paper.

Return true to Win A series of JavaScript challenges.

Alert 1 to win A series of XSS challenges: here's some unsafe code; exploit it! Shortest code wins.

Regex golf A series of regex-writing challenges (now also on SPOJ)

Zip Quine A ZIP file that contains itself. Best paid code I ever wrote.

Testing Tools

Chargen Generate test pages from the URL.

Send File to get files from something with a browser to a real machine (and also hints for the other direction)

SHA1 collision maker

DNS On-the-fly DNS

Screen Test to quickly check if the resolution is 1:1

BitCalc Whiteboard for explaining bit-twiddling algorithms (example: x&-x, snoob)

Security Stuff

Flash XSS Traps Adobe forgot to escape backslashes, so every Flash file that passes strings to JavaScript had XSS.

Stealing Tokens With Harmony The Proxy feature in ES6 opened a new XSSI vector.

ServiceWorker is a problem if you have a 'user content' domain (like Dropbox)

Webkit URLs A tragedy in seven parts (so far)

Safari Reader UXSS A non-hostname-based Safari bug

Recent changes

2017-07-30: alert(1) was broken in Firefox (thanks Patrick G)

Complaints to @steike.