Posted in General, JavaScript, Snippets, Web Development

How To Flip Text upside down and then backwards

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “”&gt;
<html xmlns=””&gt;
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />
<script type=”text/javascript”>
function flip() {
var result = flipString(document.f.original.value.toLowerCase());
document.getElementById(“results”).innerHTML = result;

function flipString(aString) {
var last = aString.length – 1;
var result = new Array(aString.length)
for (var i = last; i >= 0; –i) {
var c = aString.charAt(i)
var r = flipTable[c]
result[last – i] = r ? r : c
return result.join(”)

var flipTable = {
a : ‘\u0250’,
b : ‘q’,
c : ‘\u0254’,
d : ‘p’,
e : ‘\u01DD’,
f : ‘\u025F’,
g : ‘\u0183’,
h : ‘\u0265’,
i : ‘\u0131’,
j : ‘\u027E’,
k : ‘\u029E’,
//l : ‘\u0283’,
m : ‘\u026F’,
n : ‘u’,
r : ‘\u0279’,
t : ‘\u0287’,
v : ‘\u028C’,
w : ‘\u028D’,
y : ‘\u028E’,
‘.’ : ‘\u02D9’,
‘[‘ : ‘]’,
‘(‘ : ‘)’,
‘{‘ : ‘}’,
‘?’ : ‘\u00BF’,
‘!’ : ‘\u00A1’,
“\'” : ‘,’,
‘<‘ : ‘>’,
‘_’ : ‘\u203E’,
‘\u203F’ : ‘\u2040’,
‘\u2045’ : ‘\u2046’,
‘\u2234’ : ‘\u2235’,
‘\r’ : ‘\n’

for (i in flipTable) {
flipTable[flipTable[i]] = i


<form name=”f”>
<h3>Type Below</h3>
<textarea id=”clickcode” rows=”5″ cols=”50″ name=”original” onkeyup=”flip()”>Write your text in here!</textarea>
<div id=”results”></div>


Posted in JavaScript, JavaScript - native, Mobile Development, Snippets, Web Development

View source code on an Android device.

Leadbolt does everything humanly possible to hide their code from you. But not today my friends. I made it my mission to hack it so that I could enforce my own styles against the content.

If you are developing an android HTML5 app, simply place the JavaScript code I am about to give you below as the last thing before the closing body tag, and the Leadbolt ad code will be expose.


Run your code directly in any android browser. This will launch a JavaScript popup within your android application that reveals the rendered HTML tag source code.

Have fun, I’m sure this might work with all types of JavaScript based ad services for android devices.

Posted in Coldfusion, JavaScript, JavaScript - native, Snippets, Web Development

Escape an iFrame after a session logs out

Here is an example of how I escape an iFrame when my log in page is loaded.

So let me set the stage first.

I have an app that uses iFrames (very old app that I didn’t build). In my ColdFusion Application.cfc I tell the app to force the log in screen once a session has expired. So to avoid the iFrame from loading the log in screen my task is to tell the log in screen to check if it’s within an iFrame. If the page is within an iFrame I want the parent page to reload. By default my iFrames will be gone and the parent page will fail the session check. Hence forcing the parent page to display the log in as anticipated.

Place the following code on your log in screen or whatever screen you wish to have escape the iFrame.

    var iFramed= (window.location != window.parent.location) ? true : false;
    if(iFramed == true){
        alert('Your Session has expired. Please log in again.');
        window.parent.location.href = "index.cfm";

The target file to load into the parent window is in my case index.cfm. Your can of course point to any target you wish. Perhaps login.cfm or what ever suits.

Posted in Coldfusion, Snippets, Web Development

Prevent brute force attacks

Check to see if the login was successful. you can apply your own variable here. Obviously all variable names

<cfif [login successful...]>
	Do something since you've successfully logged in.
	<cfparam name="session.FailedLogin" default="0" >
	<cfset session.FailedLogin = session.FailedLogin+1>
	<cfif session.FailedLogin gt 10>
	<cfset createObject("java", "java.lang.Thread").sleep(JavaCast("int", session.FailedLogin*500))>
Posted in Coldfusion, Snippets, Web Development

XSS Additional Protection

This is a snippet of code from one of my applications. It’s not a stop-all, but it’s a good start.

//XSS protection
   whiteListReserved = "!|*|'|(|)|;|:|@|&|=|+|$|,|/|?|%|##|[|]";
   whiteListUnreserved = "A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z|a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t|u|v|w|x|y|z|0|1|2|3|4|5|6|7|8|9|-|_|.|~";
   whiteList = listappend(whiteListReserved,whiteListUnreserved,"|");
   qString = URLDecode(cgi.query_string);

   for(i=1;i lte Len(qString);i++){
    Get the character at the given index. The ColdFusion Mid() function takes the string, the starting index
    and the number of characters to return. In this case, we only want one character, so the length is one.
    strChar = Mid(qString, i, 1 );
    if (listFind(whiteList,strChar,"|") eq 0){
     writeOutput("<script type='text/javascript'>alert('#strChar# is in violation of xss rules.');</script>");
     //Here I have a session variable that I toggle based on a user being authenticated. not super relevant to this posting.
     Session.isAuthenticated = 0;
     url.msg = "There is a security violation within your request. Your session has been reset. Please log back in.";
Posted in Coldfusion, Snippets, Web Development

Restarting your Coldfusion Application without restarting ColdFusion

To restart you application place the following line of code in your Application.cfc within the OnRequestStart function.


Now anytime you pass the URL string “restart” your application will restart. Obviously you can use whatever method you chose, but this will point you in the right direction.