php – Injection inside double quoted section of script element

For a test to find vulnerabilities I found the following code in a page and I am looking for ways to manipulate it:

<script>
    func({
     "key1": "value",
     "object": {
         "key2": "value",
         "key3": "<?php echo htmlspecialchars($_GET['param']); ?>",
         "key4": "value",
     }
    }, "string");
</script>

Document is UTF-8 and default parameters for htmlspecialchars are used so &quot; &lt; &gt; &amp; are converted but ', \ and newlines are not. htmlspecialchars can cause issues inside a script tag but is it actually possible in this case to escape the double quotes and either inject executable javascript code or manipulate the object by changing or adding keys/values?

What I have tried is to make param have a \ at the end which escapes the double quote but that just causes a SyntaxError because the line ends after it.

So other than making the entire script fail is there a way?
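
An added example, not part of the original question: a Node.js model of the template above, comparing HTML-entity encoding with a JavaScript-string encoder on the same inputs, including the trailing backslash the question mentions. The helper names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (Node.js). htmlSpecialCharsDefault is an assumed stand-in for
// PHP's htmlspecialchars() with the defaults the question describes.
function htmlSpecialCharsDefault(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Encoder for the JavaScript string context: anything outside a small safe
// set becomes a \uXXXX escape, so it cannot end the literal or the element.
function jsStringEscape(s) {
  return s.replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Rebuilds the script body from the question around the encoded parameter.
function renderScriptBody(encode, param) {
  return 'func({\n "key1": "value",\n "object": {\n' +
         '  "key2": "value",\n' +
         '  "key3": "' + encode(param) + '",\n' +
         '  "key4": "value",\n }\n}, "string");';
}

// Parses and runs the body with a stub func() that records what it received.
function evaluate(encode, param) {
  try {
    let seen;
    new Function("func", renderScriptBody(encode, param))((o) => { seen = o.object; });
    return { ok: true, key3: seen.key3, keys: Object.keys(seen).join(",") };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed inputs: an ordinary value, a trailing backslash, a newline.
const SAMPLES = ['Tom & "Jerry"', "ends with \\", "line1\nline2"];

function compare() {
  return SAMPLES.map((p) => ({
    input: p,
    htmlEncoded: evaluate(htmlSpecialCharsDefault, p),
    jsEscaped: evaluate(jsStringEscape, p),
  }));
}

console.log(JSON.stringify(compare(), null, 1));
```

With entity encoding the ordinary value parses but arrives as literal `&amp;`/`&quot;` text, and the backslash and newline inputs break the script; the string-context encoder round-trips all three with the object's keys unchanged. In PHP, `json_encode()` with the `JSON_HEX_TAG`, `JSON_HEX_AMP`, `JSON_HEX_APOS` and `JSON_HEX_QUOT` flags emits a quoted literal suited to this context.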

email – Is there some way to reliably strip away all “quoted text” parts of both plaintext and HTML-based e-mails?

I’m trying to interpret responses from people via e-mail.

If this had been the year 1985 or something, it would be easy: I would just strip any line beginning with > , and that would be it.

However, the year is 2020 and e-mail is an absolute mess of multiple layers of madness. For one thing, many e-mails aren’t plaintext at all, but instead use HTML formatting, and I very strongly doubt that these consistently use <blockquote>s for quotes. I fear that there are numerous different styles of quotes and markup used for HTML e-mail quotes.

Even plaintext e-mails may not consistently use > quotes.

This immediately strikes me as something I do not wish to sit and attempt to code on my own. Is there some existing, reliable PHP library/function for this task?

I already use MailMimeParse, but it doesn’t appear to have this feature. Its job appears to be all about parsing the MIME blobs into plaintext/HTML bodies — not to do anything further with these, once properly extracted.

To make it crystal clear: I’m trying to turn this:

> I shall have the business proposal ready tomorrow.
OK. Great.

Into:

OK. Great.

And:

<whateverunknownmarkup>I shall have the business proposal ready tomorrow.</whateverunknownmarkup>

OK. Great.

Into:

OK. Great.

Of course, those are just basic examples. These can be nested in many levels, etc.

I don’t know how the most popular e-mail clients and e-mail services do this, but it feels like yet another task which has been solved in private a million times but never released to the public.

hard drive – Just received a quote to repair an HDD that went bad on my old laptop 5-6 years ago. Was quoted ~$1750 to retrieve data, really? Is this a rip off?

About 5 or 6 years ago I had a laptop HDD go bad on me (wouldn’t boot anymore). I removed the HDD and have had it stored away since then because it has almost all of our pictures/videos of my son’s very early years. It is very important to my wife and me, obviously.

Recently I tried to connect it to my PC using a SATA cable, but I could not get BIOS to recognize the disk exists. I can hear/feel the HDD spin, but no matter what connections I used I could not get BIOS to see it.

Considering the importance of the data I sent it to werecoverdata.com and paid a $95 diagnostics fee.

The quote I was provided was $1750, (the cheapest of the time frame options). I asked what the issues were and this is what I was told: “The hard drive is unstable and has System Area issue.”

I’ve done some googling and see a lot of references to programs that allegedly fix unstable sectors, which I’m assuming is what “unstable” means. System Area doesn’t mean much to me.

Ultimately I need the data off of the HDD, but $1750 seems pretty steep, especially if they just run some program I can download for $50 to get the data off.

I could really use some other opinions, ideas, thoughts on this price.

mail.app – Mail: Signature over quoted text

In the Apple Mail app, I want my signature to be inserted above the quoted text when I reply to or forward a message. However, I also have to choose from multiple signatures when composing instead of mail automatically inserting my signature. I chose "Put signature on quoted text". This works as expected when I write in the "rich text". However, if I select a signature in the message window when writing in plain text format, the signature will appear below the quoted text. Is there a way to get Mail to do what I want?

magento2 – Magento 2 Option to add the text "taxes included" in the product view if the price is quoted with tax

Is there an option in Magento 2.2+ to display the text "Tax included" in the product view if the value of the product contains the tax or the topic needs to be changed?

Or another way to tell customers that the price displayed in the product view includes taxes?

Show Magento2 label on the product page if the price is quoted with or without VAT

In the EU you have to go to the labeling, if a price incl. or excl. taxes in the shop frontend. If you run different shops in which you have both settings, this could be done with different custom translation strings that are specific to each business view.
Magento has the information as to whether a price is incl. or excluding VAT. But the question is how to encode it. In Magento 1 I solved it with the following code, but so far I have no idea how to do it with Magento 2:

getStore()
           );?>
   
    __('Incl. Tax') ?> 

    __('Excl. Tax') ?> 

Any ideas? Thanks a lot!

Quoted links in the Google search results are not colored differently in Safari under macOS

In Safari 12.1.1 for macOS (or possibly since version 12.0), I have lost the ability to see results from Google that I've already clicked. The links to visited websites do not differ from those not visited.

However, the distinction remains visible in both Chrome 74.0 and Firefox 67.0.

What am I missing?