Understanding JavaScript and Console
TheProdigyLeague opened this issue · comments
Include Self-XSS research
DevTools failed to load source map...
githubassets.com/assets/app_components
-pkgs
-dnd-kit
-ls-node module
-notifications
-dist index
Devs are constantly needing to update policies when product reaches consumer. Deprecating and causing unecessary bloat. Consumers lose trust resulting in data market manipulation
Security OverviewHTTPS
Certificates are issued from DigiCert TLS Hybrid using TLS 1.3, X25519 CHACHA20_POLY1305 encryption algorithm registered from The Fed and it's Corporate Conglomerates.
An example of a basic SSL Server Certificate.com_Org_Inc.
DigiCert TLS Hybrid ECC SHA384 2020 CA1
Silicon Valley
Issued On Monday, February 13, 2023 at 7:00:00 PM
Expires On Thursday, March 14, 2024 at 7:59:59 PM
Board Meeting
SHA-256 Fingerprint 92 A3 7F BD 5E 21 A5 3A 95 C7 16 E1 14 4F 44 2F
58 2B 94 D0 FA FC 67 3E B6 71 7A 4E B5 1A 88 A7
SHA-1 Fingerprint A3 B5 9E 5F E8 84 EE 1F 34 D9 8E EF 85 8E 3F B6
62 AC 10 4A
Must go through endless decryption process to receive © from JPY [微观的。设备] Serial Device Information
First instance of a common script used when payloading multiple tabs when needing to fill out consumer forms and forced third party website applications manipulating data markets.
Puppeteering.js
user executes script in PS, if function method call url link, api pops-up with no access error target vector code error
Second instance of common script used when payloading the same tab when needing to fill out data and consumer forms while forcing third party website business partner (All Copyrights Reserved.) Man-ipulating consumer data and consumer markets.
2023-03-25T21:14:25.1705153Z ##[section]Starting: Prepare job test 2023-03-25T21:14:25.1707846Z Evaluating strategy 2023-03-25T21:14:25.1712696Z Creating job '__default' 2023-03-25T21:14:25.1715118Z Evaluating timeout 2023-03-25T21:14:25.1715190Z Evaluating cancel timeout 2023-03-25T21:14:25.1715228Z Evaluating continue on error 2023-03-25T21:14:25.1715272Z Evaluating target 2023-03-25T21:14:25.1717082Z ##[section]Finishing: Prepare job test
Third Instance of common script used when payloading the same tab when needing to fill out data and consumer forms while forcing third party website business partner (All Copyrights Reserved.) Man-ipulating consumer data and consumer markets.
Security Policy: Cannot retrieve favicon.
### Unintentional Violations.
Refused to load the image 'https://github.com/favicon.ico' because it violates the following Content Security Policy directive: "img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com".
import {ssrSafeDocument} from '@github-ui/ssr-utils'
import {loaded} from '@github-ui/document-ready'
import {bundler} from '@github-ui/runtime-environment'
let stats: PlatformBrowserStat[] = []
const chunkSize = 64 * 1024
export function sendStats(stat: PlatformBrowserStat, flushImmediately = false): void {
if (stat.timestamp === undefined) stat.timestamp = new Date().getTime()
stat.loggedIn = isLoggedIn()
stat.staff = isStaff()
stat.bundler = bundler
stats.push(stat)
if (flushImmediately) {
flushStats()
} else {
scheduleSendStats()
}
}
let queued: number | null = null
async function scheduleSendStats() {
await loaded
if (queued == null) {
queued = window.requestIdleCallback(flushStats)
}
}
function flushStats() {
queued = null
if (!stats.length) {
return
}
const url = ssrSafeDocument?.head?.querySelector<HTMLMetaElement>('meta[name="browser-stats-url"]')?.content
if (!url) {
return
}
const batches = getBatches(stats)
for (const batch of batches) {
safeSend(url, `{"stats": [${batch.join(',')}] }`)
}
stats = []
}
// getBatches breaks up the list of stats into smaller batches
// that are less than 64kb in size. This is to avoid hitting the
// size limit of the beacon API.
function getBatches(items: PlatformBrowserStat[]): string[][] {
const batches: string[][] = []
const itemStrings = items.map(item => JSON.stringify(item))
while (itemStrings.length > 0) {
batches.push(makeBatch(itemStrings))
}
return batches
}
// makeBatch walks the items and collects batches of items that are within
// the 64kb limit. If an item is too big to fit in a batch, it is sent alone.
function makeBatch(itemStrings: string[]): string[] {
const firstItem = itemStrings.shift()!
const batch: string[] = [firstItem]
let size = firstItem.length
while (itemStrings.length > 0 && size <= chunkSize) {
const nextItemSize = itemStrings[0]!.length
if (size + nextItemSize <= chunkSize) {
const itemString = itemStrings.shift()!
batch.push(itemString)
size += nextItemSize
} else {
break
}
}
return batch
}
function safeSend(url: string, data: string) {
try {
if (navigator.sendBeacon) {
navigator.sendBeacon(url, data)
}
} catch {
// Silently ignore errors: https://github.com/github/github/issues/178088#issuecomment-829936461
}
}
function isLoggedIn(): boolean {
return !!ssrSafeDocument?.head?.querySelector<HTMLMetaElement>('meta[name="user-login"]')?.content
}
export function isStaff(): boolean {
return !!ssrSafeDocument?.head?.querySelector<HTMLMetaElement>('meta[name="user-staff"]')?.content
}
// Flush stats before users navigate away from the page
ssrSafeDocument?.addEventListener('pagehide', flushStats)
ssrSafeDocument?.addEventListener('visibilitychange', flushStats)