Josef Gajdusek
Josef Gajdusek
The websocket at `/repl` does not seem to be protected against CSRF (or, [CSWSH](https://www.christian-schneider.net/CrossSiteWebSocketHijacking.html) as some like to call it). This allows a malicious website to execute arbitrary code on...
The websocket endpoint is missing CSRF ([CSWSH](https://www.christian-schneider.net/CrossSiteWebSocketHijacking.html)) protection, allowing a malicious website to control the client. ``` var ws = new WebSocket("ws://127.0.0.1:8080/ws"); ws.onopen = function (event) { console.log("OPENED"); setInterval(function ()...
I have been playing with a third party application whose name seems better not to mention. After replaying some of the writes it does when cooperating with Sleep as Android...
Using Plot.ly plots and MathJax at the same time leads to MathJax not being rendered. See [this plot.ly issue](https://github.com/plotly/plotly.js/issues/2300) for reference. Can be fixed by adding ``` ```julia; echo=false; results="html"...
The CONFIG_NF_SOCKET_IPV{4,6} options are not enabled. These options enable the `-m socket` iptables match. This means that doing transparent IP proxies such as the one described [here](https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/) is not possible.
When attempting to correct for LO leakage on our bladeRF mini, I noticed that the correction settings seem to have no effect. This PR hopefully fixes that...
A rudimentary automatic testing harness should be added. Something like launching `wev` in a headless instance of `cage`, then running `wtype` with various arguments against it and comparing the resulting...
See [squeekboard source](https://source.puri.sm/Librem5/squeekboard/-/blob/master/src/keyboard.rs#L36) for reference.
Given that I already need it for special keys, I might as well generate the keymap instead of mashing strings together.