content
big-list-of-naughty-strings
content | big-list-of-naughty-strings |
---|---|
118 | 41 |
8,609 | 45,775 |
1.5% | - |
10.0 | 0.0 |
about 24 hours ago | 9 months ago |
Markdown | Python |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
content
-
Developer should-know websites
MDN Web Docs, previously Mozilla Developer Network
-
🔥 Top 10 Best Websites to Learn Coding for Free! 💻
MDN Web Docs: MDN Web Docs is an invaluable resource for web developers. From basic syntax to advanced concepts, you'll find comprehensive documentation on HTML, CSS, JavaScript, and more.
-
Next.js: consequence of AppRouter on your CSP
Nonce attribute from MDN
-
Web Development Tools and Resources
MDN Web Docs (Visit Site)
-
Symbiote.js 2.0
In Symbiote.js, almost everything you see should already be familiar to you, directly or indirectly. Unless you're new to frontend. And if you are a beginner, then you can learn the necessary basics on popular sites with documentation on modern specifications, for example MDN.
-
19 Handy Websites for Web Developers
MDN Web Docs is undoubtedly the most important website for web developers. Maintained by Mozilla, this comprehensive resource provides in-depth documentation on HTML, CSS, and JavaScript, making it an invaluable reference for developers at all skill levels.
-
Ask HN: If you were to build a web app today what tech stack would you choose?
My 2 cents: keep working with Go. Learn just enough about templates to start, JSON to struct mapping and URL routing. It's not a great backend, but the client is what you really need to learn. For the client look through browser tools F12. For the basics of HTML, CSS and JavaScript skim through https://www.w3schools.com/ [People HATE this site but it has very limited info, making it a quick read.] For actual documentation use MDN https://developer.mozilla.org/ and skip any framework/library until you have the basics.
-
StackOverflow alternatives for web developers
MDN, the Mozilla developer network, features references, browser support stats and practical code examples, especially for CSS and the DOM API
-
My Journey to Becoming a Full-Stack Developer and DevOps Intern: Balancing Django, DevOps, and Community
MDN Web Docs: A comprehensive resource for web development documentation.
-
"react-next-tilt" and "react-flip-tilt" NPM Packages
Link to a relevant source for more information which can be a demo page, storybook page, or a website like MDN
big-list-of-naughty-strings
- What's that touchscreen in my room?
-
Super sorry to the guy with the username reset on GitHub
Sounds like we need to use the Big List Of Naughty Strings to weed out troublesome usernames...
- API Security Testing
-
Discussion Thread
oh boy oh boy https://github.com/minimaxir/big-list-of-naughty-strings
-
100+ Must Know Github Repositories For Any Programmer
2. Big List of Naughty Strings
- A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
-
What Can’t the Internet Handle in 2022? Apostrophes
The Big List of Naughty Strings is a nice starting point: https://github.com/minimaxir/big-list-of-naughty-strings
-
From 7 Years of Apache HTTP Server Logs: 5528 Unique Recon and Attack Vectors
(or run "cat" instead of cowsay to block their script)
- Pick a header, then insert one from [EICAR test string[2], \x00, \n] somewhere in the middle.
- Or just add a "Server:" header with a random line from the Big List of Naughty Strings[3].
- Redirect to a normal URL, but with a trailing dot in the domain name[4], like "example.com.". It's valid, but you'd be surprised how many things it breaks.
- Nested content encoding with "Content-Encoding: gzip, gzip, gzip, gzip, ...", with a randomly selected depth. Or where the n-1 payload is "WAZAAAA" instead of a valid gzip.
- "Content-Type: image/jpeg" and "Content‑Encoding: gzip" with a valid gzip body... But the ‑ in "Content‑Encoding" is U+2011 NON-BREAKING HYPHEN.
- Spin the wheel of HTTP status codes! res.WriteHeader(rand.Intn(1000))
- Infinite loop sending a 100 (Continue) every five seconds (they might have a timeout for the TCP and TLS handshakes, but did they remember to set a timeout for receiving the HTTP body?). Watch out for running out of connections.
[1] https://github.com/jwilk/url.sh
[2] https://en.wikipedia.org/wiki/EICAR_test_file
[3] https://github.com/minimaxir/big-list-of-naughty-strings
[4] https://en.wikipedia.org/wiki/Fully_qualified_domain_name
-
Tell me you suck at regex without telling me you suck at regex
Well, there is the big list of naughty strings which, in some interpretations, can be considered quite profane.
-
Breaking our Latin-1 assumptions
This is usually the point to link to the Big List of Naughty Strings: https://github.com/minimaxir/big-list-of-naughty-strings
If your system can handle these it can probably handle most global text.
What are some alternatives?
SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Propeller - Propeller - Develop more, Code less. Propeller is a front-end responsive framework based on Google's Material Design Standards & Bootstrap.
sorbet - A fast, powerful type checker designed for Ruby
ms-teams-rce
eslint-plugin-no-unsanitized - Custom ESLint rule to disallow unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
proposal-pipeline-operator - A proposal for adding a useful pipe operator to JavaScript.
javascript-questions - A long list of (advanced) JavaScript questions, and their explanations :sparkles:
synth - The Declarative Data Generator
WSL - Issues found on WSL
33-js-concepts - 📜 33 JavaScript concepts every developer should know.
ublacklist - Blocks specific sites from appearing in Google search results