Pastie now auto-senses if line-wrap is a bad or good idea. Feedback?
## mark a section (Learn more)
function iecheck() { if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) { var rslt = navigator.appVersion.match(/MSIE (\d+\.\d+)/, ''); var iever = (rslt != null && Number(rslt[1]) >= 5.5 && Number(rslt[1]) <= 7 ); } return iever; } MyXssMagic = { BASE_URL: 'http://localhost:3000/javascripts/', STYLESHEET: "xss_magic.css", CONTENT_URL: 'people_list.js', ROOT: 'my_xss_magic', requestStylesheet: function(stylesheet_url) { stylesheet = document.createElement("link"); stylesheet.rel = "stylesheet"; stylesheet.type = "text/css"; stylesheet.href = stylesheet_url; stylesheet.media = "all"; document.lastChild.firstChild.appendChild(stylesheet); }, requestContent: function( local ) { var script = document.createElement('script'); // How you'd pass the current URL into the request // script.src = CONTENT_URL + '&url=' + escape(local || location.href); script.src = this.BASE_URL + this.CONTENT_URL; document.getElementsByTagName('head')[0].appendChild(script); }, serverResponse: function(data) { if (!data) return; var div = document.getElementById(this.ROOT); var txt = ""; for (var i = 0; i < data.length; i++) { if (txt.length > 0) { txt += ", "; } txt += data[i]; } div.innerHTML = "<strong>Names:</strong> " + txt; // assign new HTML into #ROOT div.style.display = 'block'; // make element visible div.style.visibility = 'visible'; // make element visible } } //requestStylesheet(STYLESHEET); document.write("<div id='" + MyXssMagic.ROOT + "' style='display: none'></div>"); MyXssMagic.requestContent(); var no_script = document.getElementById('no_script'); if (no_script) { no_script.style.display = 'none'; }
This paste will be private.
From the Design Piracy series on my blog:
Pastie << self Blog
