Unmasking a Go HTML Parser Bug with Differential Fuzzing

In this write-up, we’ll look at how differential fuzzing uncovered a bug in Go’s exp/net HTML tokenizer, and show the potential XSS implications of this flaw. We’ll also outline how Google assessed this finding within their VRP program and explain how to use fuzzing to evaluate your own software. Introduction: Reminisce with me the discussion boards of 2005. Open to all, searchable from every corner, with no account needed to peek in....

October 24, 2023 · 15 min

Using Google Apps Scripts for a simple backend

I’m not that much of a frontend guy, but the pace of technology in browsers encouraged me to play with it. My goal was simple: create a website that imitates a native app. I didn’t have any brilliant ideas at the time, so my choice fell on a simple student app for my school featuring: a timetable (group filtered; the original plan is in Excel format); a lucky number (every student in a group has a number assigned based on the alphabetical order of their name, and every day a number is drawn, resulting in some protection from lack of homework and small unannounced exams); news scraped from the school website’s RSS; and teachers’ quotes (students have made a Facebook page which stores funny teacher statements). I needed a backend for it, and that’s what this article is all about....

March 20, 2016 · 4 min

Generic event emitter/dispatcher in Go

Go doesn’t support generics. One can use go generate, but writing code for that is a pain. Instead, we can tinker with reflection to manipulate types and channels. This allows us to create a neat event dispatcher with user-friendly handler registration and somewhat reasonable event registration. Event emitters are pretty popular in OOP languages which support generics, but of course Go is not one of them. We will try to achieve something similar without generic types....

December 26, 2015 · 6 min