Stopping XSS and CSRF: who's responsible for what

Y2F0dGVyIGFjcm9zcyBjbGllbnQsIHNlcnZlciwgYW5kIGJyb3dzZXIuIEhlcmUncyB0aGUgc3BsaXQgd2l0aCBjb25jcmV0ZSByZWNpcGVzIGZvciBib3RoLiIKLS0tCgpZb3UncmUgbG9nZ2VkIGludG8gYGJhbmsuY29tYC4gSW4gYW5vdGhlciB0YWIgeW91IG9wZW4gYGV2aWwuY29tYC4gVGhlIHBhZ2UgY29udGFpbnM6CgpgYGBodG1sCjxpbWcgc3JjPSJodHRwczovL2JhbmsuY29tL3RyYW5zZmVyP3RvPWV2aWwmYW1vdW50PTEwMDAiPgpgYGAKCllvdXIgYnJvd3NlciBpc3N1ZXMgYSByZXF1ZXN0IHRvIGBiYW5rLmNvbWAuIEl0IHNlbmRzIHlvdXIgYGJhbmsuY29tYCBzZXNzaW9uIGNvb2tpZSBhbG9uZywgYmVjYXVzZSB0aGF0J3Mgd2hhdCBicm93c2VycyBkbyBmb3IgYW55IHJlcXVlc3QgdG8gdGhhdCBvcmlnaW4uIFRoZSB0cmFuc2ZlciBnb2VzIHRocm91Z2guCgpUaGF0J3MgQ1NSRi4gWW91IGRpZG4ndCBjbGljayBhbnl0aGluZy4gVGhlIGF0dGFja2VyIGJvcnJvd2VkIHlvdXIgYXV0aGVudGljYXRlZCBzZXNzaW9uIGJ5IHRyaWNraW5nIHlvdXIgYnJvd3NlciBpbnRvIG1ha2luZyBhIHJlcXVlc3QuCgotLS0KCk5vdyBhIGRpZmZlcmVudCBzY2VuYXJpby4gWW91IHZpc2l0IGBmb3J1bS5jb21gIGFuZCByZWFkIHNvbWVvbmUncyBjb21tZW50LiBUaGUgY29tbWVudCBjb250YWluczoKCmBgYGh0bWwKPHNjcmlwdD5mZXRjaCgnaHR0cHM6Ly9ldmlsLmNvbS9zdGVhbD9jPScgKyBkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+CmBgYAoKSWYgYGZvcnVtLmNvbWAgcmVuZGVyZWQgdGhlIGNvbW1lbnQgYXMgcmF3IEhUTUwgd2l0aG91dCBlc2NhcGluZywgdGhlIHNjcmlwdCBydW5zIGluc2lkZSBgZm9ydW0uY29tYCdzIG9yaWdpbi4gRnVsbCBhY2Nlc3MgdG8gaXRzIERPTSwgY29va2llcyAodW5sZXNzIGBIdHRwT25seWApLCBhbmQgbG9jYWxTdG9yYWdlLiBUaGUgYXR0YWNrZXIgcmVhZHMgeW91ciBzZXNzaW9uLgoKVGhhdCdzIFhTUy4gVGhlIGF0dGFja2VyIGluamVjdGVkIGNvZGUgdGhhdCBydW5zIGFzIGlmIGBmb3J1bS5jb21gIHdyb3RlIGl0LgoKLS0tCgojIyBUd28gYXR0YWNrcywgdHdvIHRocmVhdCBtb2RlbHMKCioqWFNTKio6IGNvZGUgSSBkaWRuJ3Qgd3JpdGUgcnVubmluZyBpbiBteSBvcmlnaW4uIEF0dGFja2VyIGRlbGl2ZXJzIHBheWxvYWQgdmlhIHN0b3JlZCBjb250ZW50IChjb21tZW50cywgcHJvZmlsZSBmaWVsZHMpLCByZWZsZWN0ZWQgVVJMIHBhcmFtZXRlcnMsIG9yIERPTSBtYW5pcHVsYXRpb24uIE9uY2UgaXQgcnVucywgaXQgaGFzIGZ1bGwgb3JpZ2luIHByaXZpbGVnZXM6IHJlYWQgbm9uLUh0dHBPbmx5IGNvb2tpZXMsIGxvY2FsU3RvcmFnZSwgcGFnZSBzdGF0ZS4gSXNzdWUgcmVxdWVzdHMgYXMgdXNlci4gVGhlIHRydXN0IGl0IGV4cGxvaXRzIGlzIHRoZSBwYWdlJ3MgdHJ1c3QgaW4gdXNlci1zdXBwbGllZCBjb250ZW50LgoKKipDU1JGKio6IG15IGJyb3dzZXIgc2VuZGluZyBhIHJlcXVlc3QgSSBkaWRuJ3QgaW50ZW5kLiBBdHRhY2tlciBjb250cm9scyBhIGRpZmZlcmVudCBvcmlnaW4sIGVtYmVkcyBzb21ldGhpbmcgKGltYWdlLCBmb3JtLCBmZXRjaCkgdGhhdCB0cmlnZ2VycyBhIHJlcXVlc3QgdG8gdGhlIHRhcmdldC4gQnJvd3NlciBhdHRhY2hlcyB0aGUgdGFyZ2V0J3MgY29va2llcyBhdXRvbWF0aWNhbGx5LCBzZXJ2ZXIgY2FuJ3QgdGVsbCBpdCdzIG5vdCBsZWdpdCBmcm9tIHRoZSBjb29raWUgYWxvbmUuIFRoZSB0cnVzdCBpdCBleHBsb2l0cyBpcyB0aGUgYnJvd3NlcidzIGF1dG9tYXRpYyBjb29raWUgYXR0YWNobWVudC4KCkRpZmZlcmVudCB0cnVzdCDihpIgZGlmZmVyZW50IGRlZmVuc2VzIOKGkiBkaWZmZXJlbnQgbGF5ZXJzLgoKLS0tCgojIyBBcmNoaXRlY3R1cmUgZGVjaWRlcyB0aGUgdGhyZWF0IHN1cmZhY2UKCkhvdyB5b3VyIGFwcCBhdXRoZW50aWNhdGVzIGRldGVybWluZXMgd2hpY2ggdGhyZWF0IGRvbWluYXRlcy4KCioqQ29va2llIHNlc3Npb25zKiogKHNlcnZlciBzZXRzIGEgc2Vzc2lvbiBjb29raWUsIGJyb3dzZXIgc2VuZHMgaXQgYXV0b21hdGljYWxseSBvbiBldmVyeSByZXF1ZXN0IHRvIHRoYXQgb3JpZ2luKToKCi0gVnVsbmVyYWJsZSB0byBDU1JGLiBBbnkgY3Jvc3Mtb3JpZ2luIHJlcXVlc3QgY2FuIGNhcnJ5IHlvdXIgY29va2llLgotIFhTUyBzdGlsbCBkYW5nZXJvdXMuIFJlYWRzIG5vbi1IdHRwT25seSBjb29raWVzLCBpc3N1ZXMgc2FtZS1vcmlnaW4gcmVxdWVzdHMgd2l0aCBmdWxsIHNlc3Npb24uCgoqKlRva2VuIGF1dGgqKiAoSldUIG9yIHNpbWlsYXIgaW4gYEF1dGhvcml6YXRpb25gIGhlYWRlcik6CgotIENTUkYgbGFyZ2VseSBnb2VzIGF3YXkuIE5vIGNvb2tpZSBhdXRvLWF0dGFjaGVzLCBzbyBhIGZvcmdlZCByZXF1ZXN0IGxhY2tzIGNyZWRlbnRpYWxzLgotIFhTUyBiZWNvbWVzIGV4aXN0ZW50aWFsLiBJZiB0aGUgdG9rZW4gc2l0cyBpbiBgbG9jYWxTdG9yYWdlYCwgYW4gWFNTIHBheWxvYWQgcmVhZHMgaXQgYW5kIGlzIG5vdyB0aGUgdXNlciwgb24gYW55IGRldmljZSwgdW50aWwgZXhwaXJ5LgoKTW9kZXJuIFNQQXMgb2Z0ZW4gdXNlIHRva2Vucy4gQXBwcyByZW5kZXJlZCBvbiB0aGUgc2VydmVyIHVzdWFsbHkgdXNlIGNvb2tpZXMuIEJvdGggc3RpbGwgZXhpc3QuIFRoZSBkZWZlbnNlIHJlY2lwZSBkaWZmZXJzLgoKLS0tCgojIyBYU1MgZGVmZW5zZXMsIGxheWVyZWQKCnwgTGF5ZXIgfCBXaG8gfCBXaGF0IHwKfC0tLXwtLS18LS0tfAp8IE91dHB1dCBlbmNvZGluZyB8IENsaWVudCB8IFVzZSB0aGUgZnJhbWV3b3JrJ3MgaW50ZXJwb2xhdGlvbiAoYHt2YWx1ZX1gKS4gU3RvcCByZWFjaGluZyBmb3IgYGlubmVySFRNTGAgLyBgZGFuZ2Vyb3VzbHlTZXRJbm5lckhUTUxgIC8gYHYtaHRtbGAuIHwKfCBTYW5pdGl6YXRpb24gfCBDbGllbnQgfCBET01QdXJpZnkuIERvbid0IHJvbGwgeW91ciBvd24uIHwKfCBDb250ZW50IFNlY3VyaXR5IFBvbGljeSB8IFNlcnZlciB8IGBzY3JpcHQtc3JjICdzZWxmJyAnbm9uY2UtUkFORE9NJ2AuIEJyb3dzZXIgcmVmdXNlcyBhbnl0aGluZyBlbHNlLiB8CnwgSHR0cE9ubHkgY29va2llcyB8IFNlcnZlciB8IGBTZXQtQ29va2llOiAuLi47IEh0dHBPbmx5YC4gSlMgY2FuJ3QgcmVhZCBpdC4gPG1hcms+Q2F2ZWF0IGJlbG93LjwvbWFyaz4gfAp8IFN0b3JlZCBjb250ZW50IHNhbml0aXphdGlvbiB8IFNlcnZlciB8IENsZWFuIG9uIGlucHV0LiBDbGVhbiBvbiBvdXRwdXQgdG9vLiBCZWx0IGFuZCBzdXNwZW5kZXJzLiB8CnwgYFgtQ29udGVudC1UeXBlLU9wdGlvbnNgIHwgU2VydmVyIHwgYG5vc25pZmZgLiBCcm93c2VyIHN0b3BzIGd1ZXNzaW5nIHdoYXQgZmlsZXMgYXJlLCBzbyB5b3VyIGltYWdlIHVwbG9hZCBkb2Vzbid0IGdldCByZW5kZXJlZCBhcyBzY3JpcHQuIHwKfCBUcnVzdGVkIFR5cGVzIHwgQ2xpZW50ICsgU2VydmVyIHwgQ1NQIGRpcmVjdGl2ZSB0aGF0IGZvcmNlcyBIVE1MIGluamVjdGlvbiBzaW5rcyB0aHJvdWdoIGEgc2FuaXRpemVyLiBDYXRjaGVzIHRoZSBidWcgYmVmb3JlIHNoaXAuIHwKCkZpcnN0IHR3byByb3dzIGRvIDgwJSBvZiB0aGUgd29yay4gVGhlIHJlc3QgYXJlIGV4dHJhIHNhZmV0eSBuZXRzLgoKIyMjIENvbmNyZXRlOiBmcmFtZXdvcmsgYXV0by1lc2NhcGUKCmBgYGpzeAovLyBSZWFjdCwgc2FmZSBieSBkZWZhdWx0CjxkaXY+e3VzZXJJbnB1dH08L2Rpdj4KLy8gcmVuZGVycyA8c2NyaXB0PiBhcyBsaXRlcmFsIHRleHQKCi8vIFJlYWN0IGVzY2FwZSBoYXRjaCwgZGFuZ2Vyb3VzCjxkaXYgZGFuZ2Vyb3VzbHlTZXRJbm5lckhUTUw9e3sgX19odG1sOiB1c2VySW5wdXQgfX0gLz4KLy8gcmVuZGVycyA8c2NyaXB0PiBhcyBhIHJlYWwgdGFnLCBleGVjdXRlcwpgYGAKCmBgYHZ1ZQo8IS0tIFZ1ZSwgc2FmZSBieSBkZWZhdWx0IC0tPgo8ZGl2Pnt7IHVzZXJJbnB1dCB9fTwvZGl2PgoKPCEtLSBWdWUgZXNjYXBlIGhhdGNoIC0tPgo8ZGl2IHYtaHRtbD0idXNlcklucHV0IiAvPgpgYGAKCldoZW4geW91IHdyaXRlIHRoZSBzYWZlIGZvcm0sIHRoZSBmcmFtZXdvcmsgZXNjYXBlcyBgPGAsIGA+YCwgYCZgLCBgJ2AsIGAiYCBvbiBpbnNlcnRpb24uIFRoZSBpbmplY3RlZCBgPHNjcmlwdD5gIG5ldmVyIGJlY29tZXMgYSB0YWcuCgojIyMgQ29uY3JldGU6IENTUCB3aXRoIG5vbmNlCgpTZXJ2ZXIgc2VuZHM6CgpgYGAKQ29udGVudC1TZWN1cml0eS1Qb2xpY3k6IHNjcmlwdC1zcmMgJ3NlbGYnICdub25jZS1hYmMxMjMnCmBgYAoKRXZlcnkgbGVnaXRpbWF0ZSBgPHNjcmlwdD5gIHRhZyBpbiB0aGUgcmVzcG9uc2UgaGFzIGBub25jZT0iYWJjMTIzImAuIEluamVjdGVkIHNjcmlwdHMgZnJvbSBYU1Mgd29uJ3QgY2FycnkgdGhlIG5vbmNlLCBzbyB0aGUgYnJvd3NlciByZWZ1c2VzIHRvIGV4ZWN1dGUgdGhlbS4gTm9uY2Ugcm90YXRlcyBwZXIgcmVxdWVzdCwgc28gYW4gYXR0YWNrZXIgY2FuJ3QgY2FwdHVyZSBhbmQgcmV1c2UgaXQuCgojIyMgV2h5IFhTUyBjYW4ndCBqdXN0IGZha2UgdGhlIG5vbmNlCgpTZXJ2ZXIgbWFrZXMgdGhlIG5vbmNlLiBCcm93c2VyIHZlcmlmaWVzIGl0LiBBdHRhY2tlciBoYXMgbmVpdGhlci4KCldoZW4gdGhlIGJyb3dzZXIgcGFyc2VzIHRoZSByZXNwb25zZSwgaXQgY29waWVzIGVhY2ggYG5vbmNlYCBpbnRvIGFuIGludGVybmFsIHNsb3QgZm9yIENTUCBjaGVja3MsIHRoZW4gKip3aXBlcyB0aGUgYXR0cmlidXRlIGZyb20gSlMgcmVhZHMqKjoKCmBgYGpzCmRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoJ3NjcmlwdFtub25jZV0nKS5ub25jZSAgICAgICAgICAgICAgLy8gIiIKZG9jdW1lbnQucXVlcnlTZWxlY3Rvcignc2NyaXB0W25vbmNlXScpLmdldEF0dHJpYnV0ZSgnbm9uY2UnKSAvLyAiIgpgYGAKCk5vdGhpbmcgdG8gY29weSwgbm90aGluZyB0byBjbG9uZSwgbm90aGluZyB0byBndWVzcyBhZ2FpbnN0IGEgMTI4LWJpdCBwZXItcmVxdWVzdCByYW5kb20uIE5vbmNlIGhpZGluZyBzaGlwcGVkIGluIENocm9tZSA0OSAoMjAxNiksIEZpcmVmb3ggMzEsIFNhZmFyaSAxMS4gVW5pdmVyc2FsIHRvZGF5LgoKYGV2YWxgIGZhbWlseSAoYGV2YWxgLCBgbmV3IEZ1bmN0aW9uYCwgYHNldFRpbWVvdXQoc3RyaW5nKWApIGlzIGFsc28gYmxvY2tlZCBieSBkZWZhdWx0IENTUCBzaW5jZSBgJ3Vuc2FmZS1ldmFsJ2AgaXNuJ3Qgb24gdW5sZXNzIHlvdSBhc2sgZm9yIGl0LgoKT25seSBicmVha3MgaWYgeW91IG1pc2NvbmZpZ3VyZTogYCd1bnNhZmUtaW5saW5lJ2AgY2FuY2VscyBub25jZSBjaGVja3MsIGAndW5zYWZlLWV2YWwnYCBvcGVucyBldmFsLCBzdGF0aWMgb3IgbG93LWVudHJvcHkgbm9uY2UgaXMgcmVwbGF5YWJsZSwgYCdzdHJpY3QtZHluYW1pYydgIGNhbiBiZSBsZXZlcmFnZWQgdmlhIGEgY29udHJvbGxhYmxlIGxvYWRlci4gQWxsIGNvbmZpZyBidWdzLCBub3QgbWVjaGFuaXNtIGZsYXdzLgoKIyMjIEltcG9ydGFudDogSHR0cE9ubHkgbGltaXRzIGJsYXN0IHJhZGl1cywgZG9lcyBub3QgcHJldmVudCBYU1MKCioqYEh0dHBPbmx5YCBzdG9wcyBYU1MgZnJvbSByZWFkaW5nIHRoZSBjb29raWUgdmFsdWUuIEl0IGRvZXMgbm90IHN0b3AgWFNTIGZyb20gdXNpbmcgdGhlIHNlc3Npb24uKiogWFNTIGNhbiBzdGlsbCBydW4gYGZldGNoKCcvdHJhbnNmZXInLCAuLi4pYCBmcm9tIGluc2lkZSB0aGUgb3JpZ2luLCBhbmQgdGhlIGJyb3dzZXIgYXV0by1hdHRhY2hlcyB0aGUgSHR0cE9ubHkgY29va2llLiBUaGUgc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJlcXVlc3Qgbm9ybWFsbHkuCgp8IENhcGFiaWxpdHkgfCBXaXRob3V0IGBIdHRwT25seWAgfCBXaXRoIGBIdHRwT25seWAgfAp8LS0tfC0tLXwtLS18CnwgWFNTIHJlYWRzIGBkb2N1bWVudC5jb29raWVgIHwg4pyFIHwg4p2MIHwKfCBYU1MgZXhmaWx0cmF0ZXMgY29va2llIHRvIGF0dGFja2VyIHNlcnZlciB8IOKchSB8IOKdjCB8CnwgWFNTIGlzc3VlcyBhdXRoZW50aWNhdGVkIHJlcXVlc3RzIGluIHZpY3RpbSdzIGJyb3dzZXIgfCDinIUgfCDinIUgfAp8IEF0dGFjayBwZXJzaXN0cyBhZnRlciB2aWN0aW0gY2xvc2VzIHRoZSB0YWIgfCDinIUgfCDinYwgfAp8IENvb2tpZSByZXBsYXllZCBmcm9tIGEgZGlmZmVyZW50IGRldmljZSB8IOKchSB8IOKdjCB8CgpTZXQgYEh0dHBPbmx5YCBhbnl3YXkuIEl0IGNvbnZlcnRzIHBlcm1hbmVudCBjcmVkZW50aWFsIHRoZWZ0IGludG8gYSB0YWItbGlmZXRpbWUgc2Vzc2lvbiBoaWphY2ssIHdoaWNoIGlzIGEgbWVhbmluZ2Z1bCBkb3duZ3JhZGUuIEJ1dCBkb24ndCB0cmVhdCBpdCBhcyB0aGUgWFNTIGRlZmVuc2UuIFRoZSBhY3R1YWwgWFNTIGRlZmVuc2UgaXMgb3V0cHV0IGVuY29kaW5nICsgQ1NQLgoKIyMjIEltcG9ydGFudDogaW4tbWVtb3J5IHRva2VucyBhcmUgc3RpbGwgWFNTLXJlYWRhYmxlCgpQdXR0aW5nIGEgSldUIG9yIGFjY2VzcyB0b2tlbiBpbiBtZW1vcnkgKFp1c3RhbmQsIFJlYWN0IGNvbnRleHQsIHBsYWluIG1vZHVsZSB2YXJpYWJsZSkgaXMgKipiZXR0ZXIgdGhhbiBgbG9jYWxTdG9yYWdlYCwgbm90IHNhZmUgZnJvbSBYU1MqKi4gWFNTIHJ1bnMgaW4geW91ciBvcmlnaW4uIEFueSBKUy1yZWFjaGFibGUgc3RhdGUgaXMgcmVhY2hhYmxlOgoKYGBganMKLy8gWFNTIHBheWxvYWQsIGtub3dpbmcgdGhlIHN0b3JlCnVzZUF1dGhTdG9yZS5nZXRTdGF0ZSgpLnRva2VuCi8vIG9yIHNjYW5uaW5nIHRoZSBSZWFjdCBmaWJlciB0cmVlLCBvciBncmFiYmluZyBjbG9zdXJlcyB2aWEgRGV2VG9vbHMKYGBgCgpUaGUgYWR2YW50YWdlcyBvdmVyIGBsb2NhbFN0b3JhZ2VgIGFyZSByZWFsIGJ1dCB0aGV5J3JlIGFib3V0IGJsYXN0IHJhZGl1cywgbm90IGludmlzaWJpbGl0eToKCi0gKipIYXJkZXIgZm9yIGEgZ2VuZXJpYyBYU1MgdGVtcGxhdGUuKiogYGxvY2FsU3RvcmFnZS5nZXRJdGVtKCd0b2tlbicpYCB3b3JrcyBvbiBldmVyeSBzaXRlLiBSZWFkaW5nIGEgWnVzdGFuZCBzdG9yZSBuZWVkcyBrbm93bGVkZ2Ugb2YgdGhlIHN0b3JlJ3MgcmVmZXJlbmNlLCB3aGljaCB2YXJpZXMgcGVyIGFwcC4gRHJpdmUtYnkgWFNTIHBheWxvYWRzIGNvbGxlY3QgMTAwJSBvZiBgbG9jYWxTdG9yYWdlYCB0b2tlbnMsIG11Y2ggZmV3ZXIgaW4tbWVtb3J5IG9uZXMuCi0gKipEaWVzIHdpdGggdGhlIHRhYi4qKiBDbG9zZSB0YWIgb3IgcmVsb2FkLCBYU1MgZ29uZSwgYXR0YWNrZXIgbG9zZXMgdGhlIGhhbmRsZS4gYGxvY2FsU3RvcmFnZWAgc3Vydml2ZXMgcmVsb2Fkcywgc3RvbGVuIHRva2VucyByZXBsYXkgZnJvbSBhbnkgZGV2aWNlIHVudGlsIGV4cGlyeS4KClNhbWUgbG9naWMgYXMgYEh0dHBPbmx5YCBjb29raWVzOiBkcm9wICJwZXJtYW5lbnQgY3JlZGVudGlhbCBjYXB0dXJlZCIgZG93biB0byAidGFiLWxpZmV0aW1lIHNlc3Npb24gaGlqYWNrLiIgQ29tYmluZWQgd2l0aCBzaG9ydC1saXZlZCBhY2Nlc3MgdG9rZW5zICg1LTE1IG1pbikgYW5kIEh0dHBPbmx5IHJlZnJlc2ggY29va2llcywgdGhlIHJlYWwgZGFtYWdlIHdpbmRvdyBpcyBzbWFsbC4KClRva2VuIHN0b3JhZ2UgaXMgdGhlIHRhaWwgb2YgdGhlIGNoYWluLiBSZWFsIFhTUyBkZWZlbnNlIGlzIHN0aWxsIGZyYW1ld29yayBhdXRvLWVzY2FwZSArIENTUC4KCi0tLQoKIyMgQ1NSRiBkZWZlbnNlcywgbGF5ZXJlZAoKKipSZWFkIHRoaXMgZW50aXJlIHRhYmxlIGFzc3VtaW5nIFhTUyBpcyBhbHJlYWR5IHByZXZlbnRlZC4qKiBBbG1vc3QgZXZlcnkgQ1NSRiBkZWZlbnNlIGJlbG93IGNvbGxhcHNlcyBpZiBYU1MgbGFuZHMsIGJlY2F1c2UgWFNTIHJ1bnMgYXMgeW91ciBvcmlnaW4gYW5kIGNhbiByZWFkIHRva2VucyAvIERPTSAvIHN0YXRlIGRpcmVjdGx5LiBUaGUgIlN1cnZpdmVzIFhTUz8iIGNvbHVtbiBtYWtlcyB0aGF0IGRlcGVuZGVuY3kgdmlzaWJsZS4KCnwgTGF5ZXIgfCBXaG8gfCBXaGF0IHwgU3Vydml2ZXMgWFNTPyB8CnwtLS18LS0tfC0tLXwtLS18CnwgYFNhbWVTaXRlYCBjb29raWUgfCBCcm93c2VyICsgU2VydmVyIHwgQnJvd3NlciBkZWZhdWx0IHNpbmNlIENocm9tZSA4MCAoMjAyMCkgaXMgYExheGAuIEJsb2NrcyBjcm9zcy1zaXRlIHN1Yi1yZXNvdXJjZSByZXF1ZXN0cy4gU2V0IGl0IGV4cGxpY2l0bHkgYW55d2F5LiB8IE5vLiBYU1MgcnVucyBzYW1lLXNpdGUsIGNvb2tpZSBhdHRhY2hlcyBub3JtYWxseS4gfAp8IGBTYW1lU2l0ZT1TdHJpY3RgIHwgU2VydmVyIHwgRXZlbiB0b3AtbGV2ZWwgY3Jvc3Mtc2l0ZSBuYXZpZ2F0aW9uIHNraXBzIHRoZSBjb29raWUuIFVzZSBmb3IgYWRtaW4gLyBmaW5hbmNpYWwgZW5kcG9pbnRzLiB8IE5vLiBTYW1lIHJlYXNvbi4gfAp8IENTUkYgdG9rZW4gfCBDbGllbnQgKyBTZXJ2ZXIgfCBTZXJ2ZXIgcGxhbnRzIGEgdG9rZW4gaW4gdGhlIGZvcm0gLyByZXNwb25zZS4gU3RhdGUtY2hhbmdpbmcgcmVxdWVzdHMgbXVzdCBlY2hvIGl0IGJhY2suIGBldmlsLmNvbWAgY2FuJ3QgcmVhZCBpdCAoU09QKSwgY2FuJ3QgZm9yZ2UgaXQuIHwgTm8uIFhTUyByZWFkcyBpdCBmcm9tIHRoZSBET00gYW5kIGluY2x1ZGVzIGl0LiB8CnwgYE9yaWdpbmAgLyBgUmVmZXJlcmAgY2hlY2sgfCBTZXJ2ZXIgfCBMb29rIGF0IHRoZSBoZWFkZXIuIGBPcmlnaW46IGV2aWwuY29tYCBwb3N0aW5nIHRvIHlvdXIgYC90cmFuc2ZlcmA/IFJlamVjdC4gfCBOby4gWFNTIHJlcXVlc3RzIGNhcnJ5IHlvdXIgcmVhbCBgT3JpZ2luYC4gfAp8IFZlcmIgZGlzY2lwbGluZSB8IFNlcnZlciB8IEdFVCBuZXZlciBjaGFuZ2VzIHN0YXRlLiBJbWFnZSB0YWdzIGNhbiBmaXJlIEdFVCwgbm90IFBPU1QuIEZvcmNlcyBhdHRhY2tlcnMgdG8gd3JpdGUgbW9yZS4gfCBOby4gWFNTIGRvZXMgYW55IHZlcmIuIHwKfCBTa2lwIGNvb2tpZXMgfCBBcmNoaXRlY3R1cmUgfCBKV1QgaW4gYEF1dGhvcml6YXRpb25gIGhlYWRlci4gTm8gYXV0by1hdHRhY2gsIG5vIENTUkYgc3VyZmFjZS4gfCBObywgd29yc2UuIGBsb2NhbFN0b3JhZ2VgIEpXVCBpcyBvbmUgbGluZSBhd2F5IGZyb20gWFNTLiB8CnwgUmUtYXV0aCAvIE1GQSBvbiBzZW5zaXRpdmUgb3BzIHwgU2VydmVyICsgQ2xpZW50ICsgVXNlciB8IFJlLWVudGVyIHBhc3N3b3JkIC8gcHVzaCBhIGhhcmR3YXJlIGtleSAoV2ViQXV0aG4sIFRPVFApIGJlZm9yZSBoaWdoLWltcGFjdCBhY3Rpb25zLiB8ICoqWWVzLioqIFhTUyBjYW4ndCBmYWtlIGEgcGFzc3dvcmQgb3IgYSBoYXJkd2FyZSB0YXAgd2l0aG91dCB0aGUgaHVtYW4uIE9ubHkgbWVhbmluZ2Z1bCByZXNpZHVhbCBsYXllciBvbmNlIFhTUyBpcyBpbi4gfAoKIyMjIENvbmNyZXRlOiBTYW1lU2l0ZSBjb29raWUKCmBgYApTZXQtQ29va2llOiBzZXNzaW9uPS4uLjsgSHR0cE9ubHk7IFNlY3VyZTsgU2FtZVNpdGU9TGF4OyBQYXRoPS8KYGBgCgpMYXg6IHRvcC1sZXZlbCBuYXZpZ2F0aW9uIChjbGlja2luZyBhbiBlbWFpbCBsaW5rKSBjYXJyaWVzIHRoZSBjb29raWUuIENyb3NzLXNpdGUgc3ViLXJlc291cmNlIHJlcXVlc3RzIChpbWFnZSwgaWZyYW1lLCBmZXRjaCkgZG9uJ3QuIEtpbGxzIHRoZSBjbGFzc2ljIGA8aW1nIHNyYz0iYmFuay5jb20vdHJhbnNmZXIiPmAgQ1NSRi4KCmBgYApTZXQtQ29va2llOiBhZG1pbj0uLi47IEh0dHBPbmx5OyBTZWN1cmU7IFNhbWVTaXRlPVN0cmljdDsgUGF0aD0vCmBgYAoKU3RyaWN0OiBub3RoaW5nIGNyb3NzLXNpdGUgY2FycmllcyBpdC4gRXZlbiBjbGlja2luZyBhbiBlbWFpbCBsaW5rIHRvIHRoZSBhZG1pbiBwYW5lbCBtYWtlcyB0aGUgdXNlciBhcHBlYXIgbG9nZ2VkIG91dCwgZm9yY2luZyByZS1hdXRoLiBBbm5veWluZyBmb3IgdXNlcnMsIHNhZmVyIGZvciBzZW5zaXRpdmUgYXJlYXMuCgojIyMgQ29uY3JldGU6IENTUkYgdG9rZW4gKHN5bmNocm9uaXplciBwYXR0ZXJuKQoKU2VydmVyIHJlbmRlcnMgZm9ybToKCmBgYGh0bWwKPGZvcm0gYWN0aW9uPSIvdHJhbnNmZXIiIG1ldGhvZD0iUE9TVCI+CiAgPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iY3NyZl90b2tlbiIgdmFsdWU9ImFiYzEyMyI+CiAgLi4uCjwvZm9ybT4KYGBgCgpTZXJ2ZXIgc3RvcmVzIGBhYmMxMjNgIGFnYWluc3QgdGhlIHNlc3Npb24uIE9uIFBPU1QsIHNlcnZlciBjaGVja3MgYGNzcmZfdG9rZW5gIG1hdGNoZXMuIEF0dGFja2VyIG9uIGBldmlsLmNvbWAgY2FuJ3QgaXNzdWUgYSByZXF1ZXN0IHdpdGggdGhpcyB2YWx1ZSBiZWNhdXNlOgoKLSBUaGV5IGNhbid0IHJlYWQgYGJhbmsuY29tYCdzIHBhZ2UuIFNhbWUtT3JpZ2luIFBvbGljeSBibG9ja3MgcmVhZGluZyBjcm9zcy1vcmlnaW4gcmVzcG9uc2UgYm9kaWVzLgotIFRoZSB0b2tlbiBpc24ndCBhIGNvb2tpZS4gQ29va2llcyBhdXRvLWF0dGFjaCwgdGhpcyBpcyBhIHJlcXVlc3QgYm9keSBmaWVsZCB0aGF0IHRoZSBhdHRhY2tlciBtdXN0IHByb2R1Y2UgZXhwbGljaXRseS4KCiMjIyBDb25jcmV0ZTogT3JpZ2luIGNoZWNrCgpgYGAKUE9TVCAvdHJhbnNmZXIgSFRUUC8xLjEKSG9zdDogYmFuay5jb20KT3JpZ2luOiBodHRwczovL2V2aWwuY29tCkNvb2tpZTogc2Vzc2lvbj0uLi4KYGBgCgpTZXJ2ZXIgY2hlY2tzIGBPcmlnaW5gLiBgZXZpbC5jb21gIGRvZXNuJ3QgbWF0Y2ggYGJhbmsuY29tYCwgcmVqZWN0LiBDaGVhcCwgc2luZ2xlIGxpbmUgb2YgbWlkZGxld2FyZSwgZG9lc24ndCByZXF1aXJlIHRva2VuIHN0b3JhZ2UuIFRyYWRlIG9mZjogc29tZSBsZWdpdGltYXRlIGNsaWVudHMgb21pdCBgT3JpZ2luYCAob2xkZXIgYnJvd3NlcnMsIHNlcnZlciB0byBzZXJ2ZXIgY2FsbHMpLCBzbyBoYW5kbGUgZ3JhY2VmdWxseS4KCi0tLQoKIyMgUmVzcG9uc2liaWxpdHkgc3BsaXQKCnwgVGhyZWF0IHwgQ2xpZW50IG93bnMgfCBTZXJ2ZXIgb3ducyB8IEJyb3dzZXIgaGFuZGxlcyB8CnwtLS18LS0tfC0tLXwtLS18CnwgKipYU1MqKiB8IEF1dG8tZXNjYXBlIG9uIHJlbmRlci4gQXZvaWQgYGlubmVySFRNTGAuIFNhbml0aXplIHdoZW4gbXVzdCByZW5kZXIgSFRNTC4gVXNlIFRydXN0ZWQgVHlwZXMgcG9saWN5IGlmIGF2YWlsYWJsZS4gfCBDU1Agd2l0aCBub25jZS4gU2FuaXRpemUgc3RvcmVkIGlucHV0LiBgSHR0cE9ubHlgIGNvb2tpZXMuIGBYLUNvbnRlbnQtVHlwZS1PcHRpb25zOiBub3NuaWZmYC4gfCBFbmZvcmNlcyBDU1AsIGJsb2NrcyBpbmxpbmUgc2NyaXB0cyB0aGF0IHZpb2xhdGUuIFJlc3BlY3RzIG5vc25pZmYuIHwKfCAqKkNTUkYqKiB8IFNlbmQgQ1NSRiB0b2tlbiBpbiBoZWFkZXJzIG9yIGJvZHkuIEF2b2lkIEdFVCBmb3Igc3RhdGUgY2hhbmdlcy4gfCBFeHBsaWNpdCBgU2FtZVNpdGVgIG9uIGNvb2tpZXMuIElzc3VlIGFuZCB2ZXJpZnkgQ1NSRiB0b2tlbnMuIENoZWNrIGBPcmlnaW5gLiBSZWplY3QgR0VUIGZvciBzdGF0ZSBjaGFuZ2VzLiB8IERlZmF1bHQgYFNhbWVTaXRlPUxheGAgc2luY2UgMjAyMC4gQXR0YWNoZXMgY29va2llcyB0byBzYW1lLXNpdGUgcmVxdWVzdHMgYXV0b21hdGljYWxseS4gfAoKVGhlIGJyb3dzZXIgZG9lcyBzb21lIHdvcmsgZm9yIGJvdGgsIGJ1dCBpdCdzIGEgYmFja3N0b3AuIERvbid0IGRlcGVuZCBvbiBicm93c2VyIGRlZmF1bHRzIGFsb25lLiBPbGRlciBicm93c2VycywgZW1iZWRkZWQgd2Vidmlld3MsIGV4dGVuc2lvbnMsIGFuZCBsb2NhbGhvc3QgY29udGV4dHMgY2FuIGJlaGF2ZSBkaWZmZXJlbnRseS4KCi0tLQoKIyMgV2h5IFhTUyBkb21pbmF0ZXMKClRoZSBDU1JGIGRlZmVuc2UgdGFibGUgYWJvdmUgYWxyZWFkeSBzaG93cyBpdDogZXZlcnkgc3RhbmRhcmQgQ1NSRiBsYXllciBjb2xsYXBzZXMgdW5kZXIgWFNTLiBUaGUgb25seSByZXNpZHVhbCBwcm90ZWN0aW9uIGlzIG91dC1vZi1iYW5kIHJlLWF1dGggKHBhc3N3b3JkIHByb21wdCwgTUZBKSwgYmVjYXVzZSBYU1MgY2FuJ3Qgc3VwcGx5IGNyZWRlbnRpYWxzIGl0IGRvZXNuJ3QgaGF2ZS4KClByYWN0aWNhbCBwcmlvcml0eToKCjEuICoqU3RvcCBYU1MgZmlyc3QuKiogRnJhbWV3b3JrIGF1dG8tZXNjYXBlICsgQ1NQICsgSHR0cE9ubHkgKyBzYW5pdGl6ZSBzdG9yZWQgaW5wdXQgKyBub3NuaWZmLgoyLiAqKlRoZW4gbGF5ZXIgQ1NSRiBkZWZlbnNlcyBvbiB0b3AuKiogU2FtZVNpdGUgKyB0b2tlbiArIE9yaWdpbiBjaGVjay4gVGhlc2UgYWRkIHZhbHVlIG9ubHkgd2hlbiBYU1MgaXMgYWxyZWFkeSBwcmV2ZW50ZWQuCjMuICoqRm9yIGhpZ2gtc3Rha2VzIG9wZXJhdGlvbnMsIGFkZCByZS1hdXRoIG9yIE1GQS4qKiBUaGlzIGlzIHRoZSBvbmx5IGxheWVyIHRoYXQgc3Vydml2ZXMgYSBzdWNjZXNzZnVsIFhTUywgYnkgZGVwZW5kaW5nIG9uIHNvbWV0aGluZyBYU1MgY2FuJ3QgZmFrZS4KCkEgc2l0ZSB3aXRoIGdyZWF0IENTUkYgZGVmZW5zZXMgYW5kIG5vIFhTUyBwcm90ZWN0aW9uIGlzIGEgaG91c2Ugd2l0aCBhIGxvY2tlZCBmcm9udCBkb29yIGFuZCBvcGVuIHdpbmRvd3MuIFRoZSBhdHRhY2tlciB3YWxrcyB0aHJvdWdoIGEgd2luZG93IGFuZCB1bmxvY2tzIHRoZSBkb29yIGZyb20gaW5zaWRlLgoKLS0tCgojIyBXaGF0IEknZCBkbyB0b2RheQoKRm9yIGEgY29va2llIHNlc3Npb24gYXBwOgoKYGBgClNldC1Db29raWU6IHNlc3Npb249Li4uOyBIdHRwT25seTsgU2VjdXJlOyBTYW1lU2l0ZT1MYXg7IFBhdGg9LwpDb250ZW50LVNlY3VyaXR5LVBvbGljeTogZGVmYXVsdC1zcmMgJ3NlbGYnOyBzY3JpcHQtc3JjICdzZWxmJyAnbm9uY2UtUkFORE9NJwpYLUNvbnRlbnQtVHlwZS1PcHRpb25zOiBub3NuaWZmCmBgYAoKUGx1czogZnJhbWV3b3JrIGF1dG8tZXNjYXBlIGV2ZXJ5d2hlcmUuIERPTVB1cmlmeSBpZiByZW5kZXJpbmcgdXNlciBIVE1MLiBDU1JGIHRva2VuIG9uIHN0YXRlLWNoYW5naW5nIFBPU1QgLyBQVVQgLyBERUxFVEUuIE9yaWdpbiBjaGVjayBhcyBjaGVhcCBzZWNvbmQgbGF5ZXIuCgpGb3IgYSBKV1QgaW4gaGVhZGVyIFNQQToKCi0gVG9rZW4gaW4gbWVtb3J5LCBub3QgYGxvY2FsU3RvcmFnZWAuIFJlZnJlc2ggdmlhIEh0dHBPbmx5IHJlZnJlc2ggY29va2llLgotIFNhbWUgQ1NQIGFuZCBjb250ZW50LXR5cGUtb3B0aW9ucyBhcyBhYm92ZS4KLSBObyBDU1JGIHRva2VucyBuZWVkZWQgd2hlbiB0aGVyZSdzIG5vIGNvb2tpZSBhdXRoLiBJZiBhbnkgY29va2llIGF1dGggcmVtYWlucywgdHJlYXQgdGhhdCBwYXJ0IGFzIGNvb2tpZSBhcHAuCgpUaGUgYXN5bW1ldHJ5OiAqKlhTUyBwcm90ZWN0aW9uIGlzIG1vc3RseSBzZXJ2ZXIgb3duZWQqKiAoQ1NQLCBIdHRwT25seSwgc2FuaXRpemF0aW9uKSB3aXRoIGNsaWVudCBmcmFtZXdvcmsgZGlzY2lwbGluZSBhcyB0aGUgZm91bmRhdGlvbi4gKipDU1JGIHByb3RlY3Rpb24gaXMgc2hhcmVkKiogYWNyb3NzIHNlcnZlciwgY2xpZW50LCBhbmQgYnJvd3NlciwgYW5kIHRoZSBicm93c2VyIG5vdyBkb2VzIGEgbWVhbmluZ2Z1bCBjaHVuayB2aWEgYFNhbWVTaXRlPUxheGAgZGVmYXVsdC4KCi0tLQoKIyMgUmVmZXJlbmNlcwoKLSBbT1dBU1AgWFNTIFByZXZlbnRpb24gQ2hlYXQgU2hlZXRdKGh0dHBzOi8vY2hlYXRzaGVldHNlcmllcy5vd2FzcC5vcmcvY2hlYXRzaGVldHMvQ3Jvc3NfU2l0ZV9TY3JpcHRpbmdfUHJldmVudGlvbl9DaGVhdF9TaGVldC5odG1sKQotIFtPV0FTUCBDU1JGIFByZXZlbnRpb24gQ2hlYXQgU2hlZXRdKGh0dHBzOi8vY2hlYXRzaGVldHNlcmllcy5vd2FzcC5vcmcvY2hlYXRzaGVldHMvQ3Jvc3MtU2l0ZV9SZXF1ZXN0X0ZvcmdlcnlfUHJldmVudGlvbl9DaGVhdF9TaGVldC5odG1sKQotIFtDb250ZW50IFNlY3VyaXR5IFBvbGljeSAoTUROKV0oaHR0cHM6Ly9kZXZlbG9wZXIubW96aWxsYS5vcmcvZW4tVVMvZG9jcy9XZWIvSFRUUC9DU1ApCi0gW1NhbWVTaXRlIGNvb2tpZXMgZXhwbGFpbmVkICh3ZWIuZGV2KV0oaHR0cHM6Ly93ZWIuZGV2L2FydGljbGVzL3NhbWVzaXRlLWNvb2tpZXMtZXhwbGFpbmVkKQotIFtUcnVzdGVkIFR5cGVzICh3ZWIuZGV2KV0oaHR0cHM6Ly93ZWIuZGV2L2FydGljbGVzL3RydXN0ZWQtdHlwZXMpCg==