"/> alert(‘xss’) <br class = "is not reflected in the input tag

I have my this web application running on localhost. I've been trying to mirror XSS through this input tag, but it doesn't work for some reason. Could someone tell me how to reflect it?

The payload that I put is: "/> <br class = "

and this came up:

Rush Limbaugh: the coronavirus "is not becoming the pandemic in this country that they (Democrats / media) expected." True or false?

Democrats / media did not predict and do not predict the spread of a pandemic. Medical professionals do it. It is still early and too early to know.

I find it strange that Trump supporters have this need to make a virus political. Viruses don't really give a shit about your policy.

Rush the junkie is an idiot.


Payment – "Is the shipping address the same as the billing address" or vice versa?

I hate to say this, but I would actually go yes. Due to the failure modes that occur if you are wrong.

For the shipping address, there is quite little to can go wrong, or rather, there is quite little to you can detect at the time of entry. That is, you can validate the address with someone's delivery address list and force them to choose a modified address, but it may not be worth doing. (The addresses of some customers are poorly configured on those systems, and that drives them crazy and they blame you)

While with the billing address, that can easily go wrong. The main purpose of the billing address is to inform the bank's fraud detection algorithms ** and, as a result, an error billing management is very likely to cause immediate decrease and then you need to iterate with the user to correct your address. If you took your billing address latest, remains a priority for the user.

That is one way that a valid shipping address check can spoil. If it has been automatically corrected to Istanbul, the credit card may decline because they have it in Constantinople.

8 – How to use "IS NULL" and "IS NOT NULL" operators in JSON API Collections?

I am creating an API with conditions and operators. by '=' Y '<>' The operators are working well. But for "IS NULL" Y "IS NOT NULL" operators the answer is 400: Incorrect request.

{{URL}}/jsonapi/node/CONTENT_TYPE?filter[filter1][condition][path]=TAXONOMY_FIELD.drupal_internal__tid&filter[filter1][condition][value]={{TID}}&filter[filter1][condition][operator]=IS NULL

enter the description of the image here

The error says: Filters using the 'IS NULL' operator should not provide a value.
enter the description of the image here

Should operators be coded? If yes, what encoding should be used and what is the encoded string for these operators?

attack prevention: why this defense against "is a Unix system!" not widely implemented?

The Jurassic Park scene referred to in the title is infamous for how absurd it sounds to those who know a lot about technology. But it also illustrates what I think is a huge hole in web security, particularly IoT devices: as soon as the attackers discover that a server or camera or baby monitor runs Linux, they instantly know volumes about how it works. They know what commands like sudo they are big juicy goals and they know that access to shell will bring with them useful tools like ls and cat.

So why is the obfuscation of the operating system no more a thing? I am not talking about hiding the version in web headers. Similar to the minification or obfuscation of JavaScript, I am talking about changing the names of binaries and file paths in the operating system. Wouldn't entire classes of attacks be virtually useless if the operating system had ha7TrUO and RRI6e29 commands instead of sudo and ls? Imagine a hacker who somehow gained access to the remote root: what will they do if they don't know any commands?

The implementation would be quite easy for compilers. Take the simplest case of "rename this function and all calls to it". You could give an operating system compiler and an application compiler the same random names and they could talk to each other. But even if the application has poor security and is vulnerable to bash injection, such attacks would be unsuccessful.

Obviously, this technique cannot be used in all scenarios. Setting aside scenarios such as servers maintained by human system administrators, it seems to me that any device or server managed by automation is a leading candidate for this defense.

I guess the questions should be a little more concrete:

  1. Is the obfuscation of the operating system as described widely used and I simply have not found it?
  2. If not widely used, what are the practical or technical barriers to use?

MySQL Workbench: error when trying to export schemas "global name" self "is not defined"

This appears as soon as you click on Export in MySQL Workbench. Error log entry:

18:19:12 [ERR][wb_admin_main.py:tab_changed:211]: Unhandled exception in Admin for>: Tracking (last most recent call):
File "/Applications/MySQLWorkbench.app/Contents/Resources/plugins/wb_admin_main.py", line 208, in tab_changed
panel.page_activated ()
File "/Applications/MySQLWorkbench.app/Contents/Resources/plugins/wb_admin_export.py", line 2255, in page_activated
self.create_ui ()
File "/Applications/MySQLWorkbench.app/Contents/Resources/plugins/wb_admin_export.py", line 2308, in create_ui
self.options_tab = WbAdminExportOptionsTab (self.ctrl_be.target_version, self.export_tab.mysqldump_defaults)
File "/Applications/MySQLWorkbench.app/Contents/Resources/plugins/wb_admin_export.py", line 1997, in in that
mysqldump_version = get_mysqldump_version ()
File "/Applications/MySQLWorkbench.app/Contents/Resources/plugins/wb_admin_export.py", line 113, in get_mysqldump_version
self.print_log_message ("Error retrieving version of% s: n% s (output% s)"% (path, exit, rc))
NameError: the global name & # 39; self & # 39; It is not defined

18.04 – The USB capture device "is not an MTP device"

I am trying to connect my USB capture card to an Ubuntu host 18.04.

However, when I am connecting it, it connects and disconnects repeatedly.
Syslog indicates that it is not an MTP device:

July 10 17:39:18 james-pc kernel: usb 1-10: new high-speed USB device number 114 with xhci_hcd
July 10 17:39:18 james-pc kernel: usb 1-10: New USB device found, idVendor = 07ca, idProduct = c835, bcdDevice = 0.00
July 10 17:39:18 james-pc kernel: usb 1-10: New USB device chains: Mfr = 1, Product = 2, SerialNumber = 3
July 10 17:39:18 james-pc kernel: usb 1-10: Product: Aver_C835_USB
July 10 17:39:18 james-pc kernel: usb 1-10: Manufacturer: AVerMedia Tech. Cía.
July 10 17:39:18 james-pc kernel: usb 1-10: Serial number: 202786700314
July 10 17:39:18 james-pc mtp-probe[11144]: Bus 1 check, device 114: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-10"
July 10 17:39:18 james-pc mtp-probe[11144]: bus: 1, device: 114 was not an MTP device
July 10 17:39:18 james-pc upowerd[6997]: uncontrolled action & # 39; bind & # 39; in /sys/devices/pci0000:00/0000:00:14.0/usb1/1-10
July 10 17:39:24 james-pc kernel: usb 1-10: USB disconnect, device number 114
July 10 17:39:24 james-pc upowerd[6997]: Uncontrolled action "unlink" in /sys/devices/pci0000:00/0000:00:14.0/usb1/1-10

How do I make Ubuntu recognize it as a USB capture device?

typing – "Is there a way to combine these functions into one?"

With these functions I mean the functions (call, hide, removeListener, addListener, observer.subscribe), I want to write them again and again, is there any better way to do it?

export class UIStateService {
authForm: UIAuthForm = {
show: fake,
type: & # 39; login & # 39 ;,
observer: new subject (),
call: () => (((this.authForm.show = true), this.authForm.observer.next (& # 39; onShow & # 39;)), this.blur.call ()),
hide: () => ((this.authForm.show = false), this.authForm.observer.next (& # 39; onHide & # 39;)),
removeListener: id => (this.authForm.listenershttps://codereview.stackexchange.com/q/223486 = undefined),
addListener: (id, listener) => {
if (this.authForm.listenershttps://codereview.stackexchange.com/q/223486 === undefined) {
this.authForm.listenershttps://codereview.stackexchange.com/q/223486 = listener;
} else {
console.warn (& # 39; Can not add a defocus detector to an existing ID: (& # 39 ;, id, & # 39;) & # 39;);
blur: UIBlur = {
show: fake,
observer: new subject (),
blurState: & # 39; hide & # 39 ;,
call: () => ((this.blur.show = true), this.blur.observer.next (& # 39; onShow & # 39;)),
hide: () => ((this.blur.show = false), this.blur.observer.next (& # 39; onHide & # 39;), (this.blur.blurState = & # 39; hide & # 39; )),
removeListener: id => (this.blur.listenershttps://codereview.stackexchange.com/q/223486 = undefined),
addListener: (id, listener) => {
yes (this.blur.listenershttps://codereview.stackexchange.com/q/223486 === undefined) {
this.blur.listenershttps://codereview.stackexchange.com/q/223486 = listener;
} else {
console.warn (& # 39; Can not add a defocus detector to an existing ID: (& # 39 ;, id, & # 39;) & # 39;);

builder () {
this.blur.observer.subscribe (type => {
for (key const in this.blur.listeners) {
if (this.blur.listeners.hasOwnProperty (key)) {
const listener = this.blur.listeners[key];
if (listener.type === type) {
listener.func ();
this.authForm.observer.subscribe (type => {
for (key const in this.authForm.listeners) {
if (this.authForm.listeners.hasOwnProperty (key)) {
const listener = this.authForm.listeners[key];
if (listener.type === type) {
listener.func ();

UI interfaces:

import {Subject} from & # 39; rxjs & # 39 ;;

export interface UIListenerItem {
type: & # 39; onShow & # 39; | & # 39; onHide & # 39 ;;
func: () => void;

export interface UIElement {
show: Boolean;
observer: subject<'onShow' | 'onHide'>;
listeners: { [key: string]: UIListenerItem};
call: () => void;
hide: () => empty;
addListener: (id: string, listener: UIListenerItem) => void;
removeListener: (id: string) => void;

UIBlur export interface extends UIElement {
blurState: & # 39; hide & # 39; | & # 39; show & # 39 ;;

UIAuthForm export interface extends UIElement {
type: & # 39; login & # 39; | & # 39; record & # 39 ;;

terraform: error in the creation of an Azure virtual machine from VHD "is not a valid resource reference"

I am trying to implement a virtual intelligent zone in Azure through Terraform, but I could not succeed many times. I also read the existing article here. Could you please give me some advice and fix it? Thank you.

Here are the details:
Terraform version:

tien $ terraform -v
Terraform v0.11.13
+ provider.azurerm v1.27.1
+ provider.random v2.1.2

What terraform did I write?

resource "azurerm_virtual_machine" "vsz_vm" {
name = "vsz.az.example.com"
location = "$ {var.location}"
resource_group_name = "$ {azurerm_resource_group.abc.name}"
network_interface_ids = ["${azurerm_network_interface.vsz_nic.id}"]
  vm_size = "Standard_D4_v3"

storage_image_reference {
id = "/subscriptions/4389d27e-249a-4f95-8bd6-3486c60945e7/resourceGroups/ABC/providers/Microsoft.Storage/storageAccounts/vszafb3c92c014b61ab/images/vscg-"

storage_os_disk {
name = "vszOsDisk"
managed_disk_type = "Premium_LRS"
create_option = "FromImage"
os_type = "Linux"

os_profile {
computer_name = "vsz.az.example.com"
admin_username = "azure"

os_profile_linux_config {
disable_password_authentication = true
ssh_keys {
path = "/home/azure/.ssh/authorized_keys"
key_data = "$ {var.ssh_public_key}"

tags {
environment = "$ {var.environment}"

then I execute the terraform command

tien $ terraform init -> OK
plan tien $ terraform -> OK
tien $ terraform applies -> ERROR

What a problem?

Error: Error when applying the plan:
1 error (s) occurred:
* module.azure_example_dlc.azurerm_virtual_machine.vsz_vm: 1 error (s) occurred:
* azurerm_virtual_machine.vsz_vm: compute.VirtualMachinesClient # CreateOrUpdate: Error request in the sending: StatusCode = 400 - Original error: Code = "BadRequest" Message = "Id / subscriptions / 4389d27e-249a-4f95-8bd6-3486coc / cs / Ct / subsp./Microsoft.Storage/storageAccounts/vszafb3c92c014b61ab/images/vscg- is not a valid resource reference. "

The VHD file vscg- exists in the "images" container in the storage account "vszafb3c92c014b61ab".

I also create the managed image before creating the virtual machine from the managed image as shown below:

        storage_image_reference {
id = "/subscriptions/4389d27e-249a-4f95-8bd6-3486c60945e7/resourceGroups/ABC/providers/Microsoft.Storage/storageAccounts/vszafb3c92c014b61ab/images/vscg-"

storage_os_disk {
name = "vszOsDisk"
managed_disk_type = "Premium_LRS"
create_option = "FromImage"
os_type = "Linux"

Using Facebook pixels to add products to catalog status "is not ready"

I'm trying to use my Facebook pixel to load products into a Facebook catalog for advertising.

I updated the microdata (open graph protocol) 7 days ago, and when I try to attach the pixel to the catalog, it is still in gray and says "it is not ready".

The pixel is firing, and I've run the Facebook debugger for my site, and it seems to be reviewing the correct data … can anyone recommend something else to consider?

There does not seem to be a contact form for Facebook Business when I visit your section of & # 39; contact with the client & # 39 ;. And sending a message to Facebook Business through Messenger only receives an automatic response …