Adam Pritchard
`injected.js` [only gets injected](https://github.com/jcs/endless/blob/fe568397d130c474a08164352cdc809e03b36278/Endless/URLInterceptor.m#L567) in the top-level page, not in iframes. This means that the functionality it provides is not available inside iframes. So, these are missing (at least): -...
## Spec In the words of the primary stakeholder: > This was a new position for DECA and I was new to try to manage this sort of thing. So...
My first implementation of CSRF prevention code used the ["Double Submit Cookies"](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies) pattern. That works fine for the [management site](https://github.com/adam-p/danforth-east/blob/master/main.py), but not for the self-serve page. The problem is that...
I have seen a lot of errors in the demo instance when people are trying to load a page or when the `/tasks/members-sheet-cull` cron job is running. ``` BaseHandler exception...
If the default "Primary Styling CSS" or the user's currently selected "Syntax Highlighting CSS" changes in a release, and the user hasn't modified the previous default, then the user's styles...
This is from a [Google Group post](https://groups.google.com/forum/#!topic/markdown-here/c5vnTBQcGaU). GitHub supports an extension to Markdown for creating [checkbox task lists](https://github.com/blog/1375%0A-task-lists-in-gfm-issues-pulls-comments). This MD: ``` - [x] @mentions, #refs, [links](), **formatting**, and tags are...
External add-ons in Postbox "are no longer supported as of Postbox 6.0": https://www.postbox-inc.com/add-ons Users of older versions of Postbox will have to make do with previous MDH builds.
go-chi/chi/middleware/RealIP and go-chi/httprate suffer from problems getting the "real" client IP. I'll try to break it down into categories. RealIP isn't necessarily "security-related", but it depends on how the dev...
Fixes #227 **Summary of Changes** 1. Split `X-Forwarded-For` using space rather than comma-space. 2. Trim whitespace from resulting value. 3. Add tests. (Including for `Forwarded` parsing, which didn't have this...
**Describe the bug** The [current code](https://github.com/gorilla/handlers/blob/3e030244b4ba0480763356fc8ca0ade6222e2da0/proxy_headers.go#L74-L78) looks like this:

```go
s := strings.Index(fwd, ", ")
if s == -1 {
	s = len(fwd)
}
addr = fwd[:s]
```

As can...