Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
It's super awesome to see how your designed banner has gone so far populat and everyone is loving it.
Hope you(post your exams), @kimmax and new team members start developing the final product and roll it out soon.
Till then, the temporary frontend also rocks. Backend is indeed more stable apart from few stuffs.
Keep rocking. Team devBanner. -
DON'T USE THE FRONTEND. IT'S FLAWED AND YOU COULD BE EXPLOITED BY XSS.
Also, @skynet, the frontend is not awesome, but copied.. from the devrant website.
Things are going to be changed or you can get ready for a fork. -
-
@African will be in phase 3, 4
-
@skynet
Please join the gitter chat. Thanks -
@ignuit we will go with devBanner and eventually support more features like wallapers, memes, etc
-
@CozyPlanes Thanks :)
-
@PrivateGER you can xss a github page? Wtf
-
@CozyPlanes Did you not see what happened to the old page?
-
@CozyPlanes You could literally eval("alert('Hey')");
-
@PrivateGER it seems to be fixed a bit, can you try again? (i dont know xss well)
-
@PrivateGER and also without the eval()
-
@PrivateGER @MatiasConTilde
It is github pages with damn simple html,
If you can xss, isnt that a vulnerability in github? -
@CozyPlanes The new frontend is not vulnerable, becouse the input doesn't get stored and shown like in the other one, but anyways the other one got fixed too
-
@Alice He cut off the JS too. I had:
<script>var base64 = YWxlcnQoJ1Rlc3QnKQ=="; eval('atob(base64)'; </script> -
@Alice it's not. And there a ways to overcome this restriction.
Instead of simple toying arround he just should read up on the topic and do it properly -
@Alice It probably was a "Oh shit I need to fix it"-fix since everyone was XSS'ing the shit out of the site.
-
@Kimmax I think spare time projects really should be about toying around, but I guess we differ in opinion there :)
@Alice @PrivateGER It definately WAS an "oh fuck what do I do now, I need to fix this" reaction, as I had somewhere to go and very little time to deal with it, so just adding a quick `tr -d '><' to the end of the line was the most convenient thing to do at the time 😅 💩 .
I had some time later today, though, so I made sure that the HTML is escaped properly now. Feel free to test it out! -
@Alice hmm I’ll look into the newlines thing , I think that might have something to do with the way I generate the url. The “ problem is hard to verify atm though, since the API seems to be down (all requests result in a bad gateway error).
-
@bashlord Can you show us the escaping? I'd like to see it.
-
Sure, you can find the functions I wrote for it right here https://github.com/redrock9/... @PrivateGER
-
@Alice I saw that and laughed.
10/10 Will creep later. 👍🏼 -
Generator endpoints has changed
https://generator.devbanner.center/...
Current front-end got a new url
https://devbanner.center
Wan't your own personal devBanner?
Now you can have one!
We're building a powerful banner generator over here...
New banner 🤘
Yes, yes, you have waited long for it.
Thanks to the contribution of @Etnath , now devBanner has a custom wi...
For those are interested in devBanner project, here is the keynote.
All api calls will be made in
https://devbanner.center
Temporary frontend is available at
http://bashlord.com/devrant-banners
Concept frontend available at
https://cozyplanes.github.io/dB-UI
Contribute to the project at
https://github.com/cozyplanes/...
Docs coming soon!
Current:
https://cozyplanes.gitbooks.io/devb...
We are looking for a frontend developer and logo designer. If you are interested, reach me at cozyplanes@tuta.io (send questions here too)
Questions? Send via email (reply in 24hrs) or comment below by mentioning me.
Cheers!
rant
devbanner
banner. cozyplanes
keynote