Iubenda, check consent given in javascript

Logo Iubenda

Simple script to check if user have given consent to Iubenda privacy/cookie policy. Function will return true if user has given consent, false otherwise.

Semplice script per verificare se l’utente ha dato il consenso alla privacy / cookie policy di Iubenda. La funzione restituirà true se l’utente ha dato il consenso, altrimenti falso.

Event style use:

function iubendaConsentGiven(){
  var pairs = document.cookie.split(";");
  var cookies = {};
  for (var i=0; i<pairs.length; i++){
    var pair = pairs[i].split("=");
	if(pair[0].indexOf('_iub_cs-s') !== -1 || pair[0].indexOf('_iub_cs') !== -1 ) {
    	return true;
    }
  }
  return false;
}
var checkCookie = true;
var checkCookieInterval = setInterval(function(){
	if(iubendaConsentGiven()){
		console.log('ok');
		clearInterval(checkCookieInterval);
    }
}, 1000);

G Suite: Gmail and Inbox crashing. Solved

Just installed G Suite, launched Gmail / Inbox and … crash? Seems that it is related to the fact that G Suite cannot use Chrome process.

So tried to install Chrome ( G Suite version ), everything seems ok and working now. Solved.

09-29 23:06:14.531 9281 9281 I WebViewFactory: Loading com.android.chrome version 61.0.3163.98 (code 316309852)
09-29 23:06:14.580 9281 9281 I cr_LibraryLoader: Time to load native libraries: 4 ms (timestamps 8515-8519)
09-29 23:06:14.592 9281 9281 I chromium: [INFO:library_loader_hooks.cc(136)] Chromium logging enabled: level = 0, default verbosity = 0
09-29 23:06:14.592 9281 9281 I cr_LibraryLoader: Expected native library version number "61.0.3163.98", actual native library version number "61.0.3163.98"
09-29 23:06:14.610 9281 9437 W cr_ChildProcLH: Create a new ChildConnectionAllocator with package name = com.android.chrome, sandboxed = true
09-29 23:06:14.625 9281 9437 E bta : bzc Uncaught Android Crash on thread Chrome_ProcessLauncherThread with tid 3396 on version 1.56.168919525.release
09-29 23:06:14.625 9281 9437 E bta : java.lang.RuntimeException: Could not get application info.
09-29 23:06:14.625 9281 9437 E bta : at org.chromium.base.process_launcher.ChildConnectionAllocator.create(ChildConnectionAllocator.java:11)
09-29 23:06:14.625 9281 9437 E bta : at org.chromium.content.browser.ChildProcessLauncherHelper.getConnectionAllocator(ChildProcessLauncherHelper.java:71)
09-29 23:06:14.625 9281 9437 E bta : at org.chromium.content.browser.ChildProcessLauncherHelper$2.run(ChildProcessLauncherHelper.java:8)
09-29 23:06:14.625 9281 9437 E bta : at android.os.Handler.handleCallback(Handler.java:751)
09-29 23:06:14.625 9281 9437 E bta : at android.os.Handler.dispatchMessage(Handler.java:95)
09-29 23:06:14.625 9281 9437 E bta : at android.os.Looper.loop(Looper.java:154)
09-29 23:06:14.625 9281 9437 E bta : at android.os.HandlerThread.run(HandlerThread.java:61)
09-29 23:06:14.628 9281 9281 I cr_BrowserStartup: Initializing chromium process, singleProcess=false
09-29 23:06:14.629 9281 9437 E AndroidRuntime: FATAL EXCEPTION: Chrome_ProcessLauncherThread
09-29 23:06:14.629 9281 9437 E AndroidRuntime: Process: com.google.android.apps.inbox, PID: 9281
09-29 23:06:14.629 9281 9437 E AndroidRuntime: java.lang.RuntimeException: Could not get application info.
09-29 23:06:14.629 9281 9437 E AndroidRuntime: at org.chromium.base.process_launcher.ChildConnectionAllocator.create(ChildConnectionAllocator.java:11)
09-29 23:06:14.629 9281 9437 E AndroidRuntime: at org.chromium.content.browser.ChildProcessLauncherHelper.getConnectionAllocator(ChildProcessLauncherHelper.java:71)
09-29 23:06:14.629 9281 9437 E AndroidRuntime: at org.chromium.content.browser.ChildProcessLauncherHelper$2.run(ChildProcessLauncherHelper.java:8)
09-29 23:06:14.629 9281 9437 E AndroidRuntime: at android.os.Handler.handleCallback(Handler.java:751)
09-29 23:06:14.629 9281 9437 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:95)
09-29 23:06:14.629 9281 9437 E AndroidRuntime: at android.os.Looper.loop(Looper.java:154)
09-29 23:06:14.629 9281 9437 E AndroidRuntime: at android.os.HandlerThread.run(HandlerThread.java:61)

Vanilla JavaScript Document Ready

Document.prototype.ready = function(callback) {
if(callback && typeof callback === 'function') {
document.addEventListener("DOMContentLoaded", function() {
if(document.readyState === "interactive" || document.readyState === "complete") {
return callback();
}
});
}
};
// usage
document.ready(function() { alert('ok!'); });

view raw
DOM-Ready.js
hosted with ❤ by GitHub

XSS scripting and pgp.mit.edu

What is a XSS attack?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

source Wikipedia

 

If you use Thunderbird and plugins like Enigmail you have the option to import all PGP keys related to email addresses that are present in your address book.

First of all you need is to specify a key server, like pgp.mit.edu, then the plugin, for every single email address, will look for corresponding PGP key and will prompt you if you want to import results.

But, some times, the key is not what you’ll expect.

Some entries contains invalid data, and to be more specific, can contain malicious code.

If you request these entries in the lookup form, the output html can contain this code and execute javascript functions, redirects, XSS attacks, ecc.

In conclusion

Keep your eyes open, and avoid mass import of PGP keys.