Open html page from assets using WebView in ionic2


Angular2 unsafe resource URL in iFrame with DomSanitizationService

After a lot of googling, I managed to solve my issue myself.

Here is what I did to get it working:

  1. Removed get_page.service.js completely.
  2. Commented out the import of this file: // import {GetPageService} from "./get_page.service";
  3. Removed _gps: GetPageService from the constructor.
  4. Removed the ngOnInit() function:

ngOnInit() {
    this._gps.getPage().subscribe(
        (data)=>{
          this.page = this.sanitizer.bypassSecurityTrustResourceUrl(data);
          //console.log(this.page);
        }
    )
  }
  5. Most important:

    Change all private to public in the constructor:

    constructor( public sanitizer: DomSanitizationService, public nav: NavController, navParams: NavParams )

My controller is as —

import {SafeResourceUrl, DomSanitizationService} from '@angular/platform-browser';
import { NavController, NavParams } from 'ionic-angular';
import { Component, ViewChild } from '@angular/core';
import { Http } from '@angular/http';
import { Slides } from 'ionic-angular';


@Component({
  templateUrl: 'build/pages/view/view.html',
})

export class ViewPage {

  //url: any;
  page: any;
  @ViewChild('mySlider') slider: Slides;

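  constructor( public sanitizer: DomSanitizationService, public nav: NavController, navParams: NavParams ) {
    // URL handed over by the page that navigated here
    let url = navParams.get('url');
    // bypassSecurityTrustResourceUrl switches off Angular's URL sanitization for this value,
    // so url must only ever come from a source the app controls
    this.page = this.sanitizer.bypassSecurityTrustResourceUrl(url);
    // this.url = navParams.get('url');
    // console.log(this.url);
  }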
}

The view page is still the same:

<iframe class="webPage" [src]='page' width="100%" height="250" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>

Hope this will help you too.


Ruby on Rails website security basics to take care of…


The source of this article is available here.

Recently I have been working on my first Rails application, even though I have been working with Ruby for a number of years, this is the first time I’ve ever developed an application using the Rails framework. By trade, I’m a Security Tester, however, I do like to work on software projects in order to keep my skills sharp and practice what I preach.

Rails has some security features built in and enabled by default; however, I also recommend installing some additional Gems which cover security features Rails lacks by default. This article explains the basic security features built into Ruby on Rails and which Gems I recommend installing.

Ruby on Rails Built in Security Features

I’m a great believer in secure by default and making security easy for developers. Some may argue that by making security easy, it will make developers pay less attention to security and possibly lead them to making more security mistakes. Kind of like a horse with blinkers on. In reality I think it is probably a balance, don’t make security invisible to the developer but instead make it just easy enough for them to implement correctly.

So be warned! Don’t just rely on Rails’s built in security features thinking that they offer a 100% effective way of mitigating the vulnerabilities they were designed to prevent. Instead, learn how to use them correctly and know their limitations.

Preventing Cross-Site Scripting (XSS)

To help prevent Cross-Site Scripting (XSS) vulnerabilities we sanitise input and encode output using the correct encoding for the output context.

Sanitising Input

Rails makes sanitising input easy with its Model View Controller (MVC) design. Any data stored or retrieved from a database should pass through a Model, so this is a great place to sanitise our stored data. Using Active Record Validations within our models we can ensure that data is present and/or in a specific format.

You can also sanitise input/output within your View using the sanitize method. The sanitize method ‘will html encode all tags and strip all attributes that aren’t specifically allowed’. Let’s pass it a common XSS payload and see how it reacts:

<%= sanitize '<img src=x onerror=prompt(1)>' %>

The above will output:

<img src="x">

As we can see the sanitize method has allowed our img tag with the src attribute, but it has removed the onerror event attribute. By default, if we don’t whitelist which tags/attributes we want, Rails will make that decision for us on what it believes is ‘safe’.

If we whitelist the src and onerror attributes, our XSS payload is executed:

<%= sanitize '<img src=x onerror=prompt(1)>', attributes: %w(src onerror) %>

The above will output:

<img src="x" onerror="prompt(1)">

Encoding Output

In modern versions of Rails, strings output in the View are automatically encoded. However, there may be occasions when you want to encode HTML output yourself. The main output encoding method in Rails is called html_escape; you can also use h() as an alias. The html_escape method ‘escapes html tag characters’.

Let’s pass it a common XSS payload and see how it reacts:

<%= html_escape '<img src=x onerror=prompt(1)>' %>

The above will output:

&lt;img src=x onerror=prompt(1)&gt;

As we can see the html_escape method has converted the < and > characters into html entities, ensuring the browser does not interpret them as markup.

This is the same output as we would see if we simply passed a string, thanks to Rails’s default encoding:

<%= "<img src=x onerror=prompt(1)>" %>

The above will output:

&lt;img src=x onerror=prompt(1)&gt;

But don’t forget what we said earlier! Just because modern versions of Rails encode strings in Views by default, does not mean that XSS can not happen. One example is within the href value of a link (using the link_to method).
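The link_to case in plain Ruby, as an added example that is not part of the original article: HTML-escaping leaves a javascript: URL untouched, so the scheme has to be checked before the value reaches href. The helper names, the allowed scheme list and the render_link stand-in for a view helper are assumptions made for this sketch.

```ruby
require 'erb'
require 'uri'

# Schemes accepted for user-supplied links (an assumption for this example).
ALLOWED_SCHEMES = %w[http https mailto].freeze
FALLBACK_HREF = '#'

# Returns the URL when it is relative or uses an allowed scheme,
# otherwise FALLBACK_HREF.
def safe_href(url)
  # Browsers drop tab, CR and LF anywhere in a URL and skip leading
  # spaces and control characters, so do the same before reading the scheme.
  candidate = url.to_s.gsub(/[\t\r\n]/, '').sub(/\A[\x00-\x20]+/, '')
  return FALLBACK_HREF if candidate.empty?

  scheme = URI.parse(candidate).scheme
  return candidate if scheme.nil? || ALLOWED_SCHEMES.include?(scheme.downcase)

  FALLBACK_HREF
rescue URI::InvalidURIError
  # Anything the parser cannot make sense of is not linked at all.
  FALLBACK_HREF
end

# Hypothetical stand-in for a view helper: both values are HTML-escaped,
# which is what Rails does by default, and nothing else is checked.
def render_link_unchecked(text, url)
  %(<a href="#{ERB::Util.html_escape(url)}">#{ERB::Util.html_escape(text)}</a>)
end

# Same output encoding, but the href is first passed through the scheme check.
def render_link(text, url)
  render_link_unchecked(text, safe_href(url))
end
```

In a Rails view the same check would sit in front of the URL argument given to link_to.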

Preventing Cross-Site Request Forgery (CSRF)

Modern versions of Rails protect against CSRF attacks by default by including a token named authenticity_token within HTML responses. This token is also stored within the user’s session cookie – when a request is received by Rails it checks one against the other. If they do not match, an error is raised.

It is important to note that Rails’s CSRF protection does not apply to GET requests. GET requests should not be used to change the application’s state anyway and should only be used to request resources.

Although enabled by default, you can double check that it’s enabled by seeing if the protect_from_forgery method is within the main ApplicationController.

Preventing SQL Injection

Rails uses an Object Relational Mapping (ORM) framework called ActiveRecord to abstract interactions with a database. ActiveRecord, in most cases, protects against SQL Injection by default, however, there are ways in which it can be used insecurely which can lead to SQL Injection.

Using ActiveRecord we can select the user with the supplied id and retrieve that user’s username:

User.find(params[:id]).username

The above will return the username of the user whose user id matches the one supplied via the params hash. Let’s take a look at the SQL query generated by the code above on the backend:

SELECT  "users".* FROM "users"  WHERE "users"."id" = ? LIMIT 1  [["id", 1]]

As we can see from the SQL query above, when using the find method on the User object, ActiveRecord binds id to the SQL statement, protecting us from SQL Injection.

What if we wanted to select a user which matched a username and password, as commonly seen in authentication forms? You might see something like this:

User.where("username = '#{username}' AND encrypted_password = '#{password}'").first

If we supply a username with the value ') OR 1-- the corresponding SQL query on the backend becomes:

SELECT  "users".* FROM "users"  WHERE (username = '') OR 1--' AND encrypted_password = 'a')  ORDER BY "users"."id" ASC LIMIT 1

By injecting our specially crafted SQL, what we have done is told the database to return all rows from the users table where the username is null or true. This makes the SQL statement return true along with all of the data in the users table.

For some great examples of how not to use ActiveRecord, here’s a great resource which I suggest you check regularly to ensure you don’t have any of the examples within your code – http://rails-sqli.org/
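One way to catch the interpolated where call shown above before it ships, as an added example that is not part of the original article: a small static check built on Ruby's bundled Ripper parser that flags string interpolation inside the arguments of ActiveRecord methods that accept raw SQL. The method list and the sample source are constructed for this sketch; the check is a heuristic and will also flag interpolation that appears in a bind value.

```ruby
require 'ripper'

# ActiveRecord methods that accept a raw SQL fragment as a string.
RAW_SQL_METHODS = %w[where having order joins find_by_sql].freeze

# Constructed sample: the article's lookups plus the bound forms of the same query.
SAMPLE_SOURCE = <<~'RUBY'
  User.find(params[:id]).username
  User.where(username: username).first
  User.where("username = ?", username).first
  User.where("username = '#{username}' AND encrypted_password = '#{password}'").first
  User.order("#{params[:sort]} ASC")
RUBY

# True if the syntax subtree contains a "#{...}" interpolation.
def interpolated?(node)
  return false unless node.is_a?(Array)
  return true if node.first == :string_embexpr

  node.any? { |child| interpolated?(child) }
end

# Records a finding when ident names a raw-SQL method and its arguments interpolate.
def check_call(ident, args, findings)
  return unless ident.is_a?(Array) && ident[0] == :@ident
  return unless RAW_SQL_METHODS.include?(ident[1]) && interpolated?(args)

  findings << { line: ident[2][0], method: ident[1] }
end

# Walks the Ripper tree looking for method calls with arguments.
def walk(node, findings)
  return unless node.is_a?(Array)

  case node[0]
  when :method_add_arg # receiver.where(...) or where(...) with parentheses
    callee = node[1]
    if callee.is_a?(Array)
      check_call(callee[3], node[2], findings) if callee[0] == :call
      check_call(callee[1], node[2], findings) if callee[0] == :fcall
    end
  when :command_call # receiver.where "..." without parentheses
    check_call(node[3], node[4], findings)
  end
  node.each { |child| walk(child, findings) }
end

# Returns [{ line:, method: }, ...] for every suspicious call in the source text.
def find_interpolated_sql(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, 'source is not valid Ruby' if tree.nil?

  findings = []
  walk(tree, findings)
  findings.sort_by { |finding| finding[:line] }
end
```

Only lines 4 and 5 of the sample are reported; the hash form and the ? placeholder form pass because the values travel as bind parameters instead of being spliced into the SQL text.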

Ruby on Rails Security Gems

As we have seen, Rails offers many built in security features to help protect our applications, data and users from web based attacks. But we also saw that these have their limitations. For security features that Rails does not offer by default there are always Gems, lots and lots of Gems. Here are some of my favourites.

devise

Devise is a popular authentication and authorisation Gem for Rails. It offers secure password storage using bcrypt to hash salted passwords, user lockouts, user registration, forgot password functionality and more.

Although Devise’s own README states “If you are building your first Rails application, we recommend you to not use Devise”, I would ignore this statement. If you’re security aware and have built applications in other frameworks before, I don’t see any issue with using Devise for your first Rails application.

URL: https://github.com/plataformatec/devise

brakeman

Brakeman is a Static Code Analysis tool for Rails applications. It searches your application’s source code for potential vulnerabilities. Although it does report the occasional False Positive, personally, I think this is a great Gem and one I would definitely recommend running against your application before going into production. Even better, run it after every commit.

URL: https://github.com/presidentbeef/brakeman

secure_headers

Developed by Twitter, SecureHeaders is a Gem that implements security related HTTP headers into your application’s HTTP responses. Headers such as Content Security Policy to help protect against Cross-Site Scripting (XSS) attacks, HTTP Strict Transport Security (HSTS) to ensure your site is only accessible over secure HTTPS, X-Frame-Options and others.

URL: https://github.com/twitter/secureheaders

rack-attack

Developed by Kickstarter, Rack::Attack is a Gem for blocking & throttling abusive requests. Personally, I use Rack::Attack to prevent forms being abused; for example, instead of implementing a CAPTCHA on a submission form, I use Rack::Attack to ensure it is not submitted too many times in a short space of time. This should prevent automated tools from abusing the form submission. It also supports whitelisting and blacklisting of requests.

URL: https://github.com/kickstarter/rack-attack

codesake-dawn

Codesake::Dawn is similar to brakeman in that it scans your source code for potential vulnerabilities. However, Codesake::Dawn also has a database of known vulnerabilities which it uses to scan your Ruby, Rails and Gems for known issues.

URL: https://github.com/codesake/codesake-dawn

Ruby on Rails Code Quality Gems

Sloppy and messy code leads to bugs and some bugs may have security implications. Better quality code is more secure code. Let’s take a look at what Gems we can use to ensure our code is nice and clean.

rails_best_practices

The rails_best_practices Gem is a great Gem for ensuring your code is adhering to best practices. It will help you make your code more readable and eloquent by scanning through it and giving you suggestions on how to improve the syntax.

URL: https://github.com/railsbp/rails_best_practices

rubocop

Rubocop is not specific to Rails and can be used for any Ruby application. It uses the Ruby Style Guide as a reference to scan your code and ensure you adhere to it. Things like variable naming, method size, using outdated syntax, etc.

URL: https://github.com/bbatsov/rubocop

Have a nice day!!!

10 security tips to protect your website from hackers


The source of this article is here.

 

You may not think your site has anything worth being hacked for, but websites are compromised all the time. The majority of website security breaches are not to steal your data or deface your website, but instead attempts to use your server as an email relay for spam, or to setup a temporary web server, normally to serve files of an illegal nature.

Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top 10 tips to help keep you and your site safe online.

01. Keep software up to date

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

02. SQL injection

SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries; most web languages have this feature and it is easy to implement.

Consider this query:

"SELECT * FROM table WHERE column = '" + parameter + "';"

If an attacker changed the URL parameter to pass in ' OR '1'='1 this will cause the query to look like this:

"SELECT * FROM table WHERE column = '' OR '1'='1';"

Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.

03. XSS

Cross site scripting is when an attacker tries to pass in JavaScript or other scripting code into a web form to attempt to run malicious code for visitors of your site. When creating a form always ensure you check the data being submitted and encode or strip out any HTML.

04. Error messages

Be careful with how much information you give away in your error messages. For example, if you have a login form on your website you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” so as not to specify when a user got half of the query right. If an attacker tries a brute force attack to get a username and password and the error message gives away when one of the fields is correct, then the attacker knows he has one of the fields and can concentrate on the other field.

Keep your error messages vague

05. Server side validation/form validation

Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validations, and perform deeper validation, server side, as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.

06. Passwords

Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, but equally important to insist on good password practices for your users to protect the security of their accounts.

As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.

Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.

In the event of someone hacking in and stealing your passwords, using hashed passwords could help with damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.
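Per-password salting and hash-only comparison in Ruby, as an added example that is not part of the original article. Instead of a single SHA pass it uses PBKDF2-HMAC-SHA256 from Ruby's OpenSSL bindings, an iterated SHA-based construction that makes each guess more expensive; the iteration count and the record format are assumptions made for this sketch.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # example work factor (assumption); tune for your hardware
SALT_BYTES = 16
KEY_BYTES  = 32

# Single unsalted pass, shown for contrast: equal passwords give equal
# hashes, so one guess can be checked against every stolen record at once.
def unsalted_sha256(password)
  OpenSSL::Digest::SHA256.hexdigest(password)
end

# Returns "pbkdf2-sha256$<iterations>$<salt hex>$<key hex>" using a fresh
# random salt for every password unless one is supplied (verification only).
def hash_password(password, salt: SecureRandom.random_bytes(SALT_BYTES), iterations: ITERATIONS)
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_BYTES,
                                   OpenSSL::Digest.new('SHA256'))
  ['pbkdf2-sha256', iterations, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

# Compares two strings without stopping at the first differing byte.
def secure_compare(left, right)
  return false unless left.bytesize == right.bytesize

  diff = 0
  left.bytes.zip(right.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# Re-derives the record from the candidate password with the stored salt and
# iteration count, then compares derived values only.
def verify_password(password, record)
  scheme, iterations, salt_hex, key_hex = record.to_s.split('$')
  rounds = Integer(iterations, exception: false)
  return false unless scheme == 'pbkdf2-sha256' && rounds && rounds.positive? && salt_hex && key_hex

  expected = hash_password(password, salt: [salt_hex].pack('H*'), iterations: rounds)
  secure_compare(expected, record)
end
```

Two users with the same password get different stored records, so an attacker holding the table has to run the full derivation per record for every guess.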

Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it’s worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.

07. File uploads

Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.

If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size, are not foolproof. Most image formats allow storing a comment section which could contain PHP code that could be executed by the server.

So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but it isn’t recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can’t be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.

deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
</Files>

Ultimately, the recommended solution is to prevent direct access to uploaded files all together. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:

<img src="/imageDelivery.php?id=1234" />

<?php
// imageDelivery.php

// Fetch image filename from database based on $_GET["id"]
...

// Deliver image to browser
header('Content-Type: image/gif');
readfile('images/'.$fileName);

?>

Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.

Ensure you have a firewall set up, and are blocking all non-essential ports. If possible, set up a DMZ (Demilitarised Zone), only allowing access to ports 80 and 443 from the outside world. This might not be possible if you don’t have access to your server from an internal network, as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.

If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.

If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed.

Finally, don’t forget about restricting physical access to your server.

09. SSL

SSL is a protocol used to provide security over the Internet. It is a good idea to use a security certificate whenever you are passing personal information between the website and web server or database. Attackers could sniff for this information and if the communication medium is not secure could capture it and use this information to gain access to user accounts and personal data.

Use an SSL certificate

10. Website security tools

Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.

There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers will use in that they test all known exploits and attempt to compromise your site using some of the previously mentioned methods such as SQL injection.

Some free tools that are worth looking at:

  • Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS
  • OpenVAS. Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to set up and requires an OpenVAS server to be installed which only runs on *nix. OpenVAS is a fork of Nessus from before it became a closed-source commercial product.

The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren’t a concern for your site.

If you wish to take things a step further then there are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.

So what should you be trying to alter on the request? If you have pages which should only be visible to a logged in user then I would try changing URL parameters such as user id, or cookie values in an attempt to view details of another user. Another area worth testing are forms, changing the POST values to attempt to submit code to perform XSS or to upload a server side script.

Use a debugging proxy to root out vulnerabilities

Hopefully these tips will help keep your site and information safe. Thankfully most CMSes have a lot of inbuilt website security features, but it is still a good idea to have knowledge of the most common security exploits so you can ensure you are covered.

There are also some helpful modules available for CMSes to check your installation for common security flaws such as Security Review for Drupal and WP Security Scan for WordPress.

Why does (click) function not work sometimes in ionic / angular


This is very common problem, if you are using

tags then it may not work.

In some cases it works for two or three clicks; after that it won’t.

I was stuck on the same issue. After much digging I got a solution for it here.

I just exchanged the div tag with a button tag

tags with and it work for me.

It was my code then-

Explore
</div>

It is now with working condition-

Explore

Note: <div> and <span> do not work well.

We can also see on stack.

Thanks

Hope it will help you too.

Have a nice day.

we can also see Here

How to open Simple PopUp in ionic-2


Hi all,

I am also working on ionic2 and needed to implement a “PopUp” window in my existing application. I tried many things for that but did not get my task accomplished; finally I did something like this-

  • pop-up.html
    <button block dark (click)="showAlert()">Help Window</button>
  • pop-up.ts
    import { Component } from '@angular/core';
    import { Alert, NavController, NavParams } from 'ionic-angular';

    @Component({
      templateUrl: 'build/pages/pop-up/pop-up.html',
    })
    export class PopUpPage {
      static get parameters() {
        return [[NavController]];
      }

      constructor(private nav: NavController) {
        this.nav = nav;
      }

      showAlert() {
        let alert = Alert.create({
          title: 'Help Window!',
          subTitle: 'Mindfulness is here for you and your soul. We are intended to stablish your connection to All Mighty.',
          buttons: ['Cancle']
        });
        this.nav.present(alert);
      }
    }

This works for me.

[Screenshot]

Hope this will help you…

we can also view here

 

Web View in ionic 2 (Open simple html files from assets )


After wondering a lot about how to have an ionic WebView, I got this task done by using these steps-

  1. Install inappbrowser in the application by using this path, and follow the steps to install it.
  2. Make sure you have all html, images and css in the assets directories, e.g.:
    • www/assets/html
    • www/assets/css
    • www/assets/images etc.
  3. Open the file from which you want to access the view from assets and type

<a class="item" href="#" onclick="window.open('http://www.nraboy.com/contact', '_self', 'location=yes'); return false;">
External Link Profile
</a>
<a class="item" href="#" onclick="window.open('http://localhost:8100/ionic-lab', '_self', 'location=yes'); return false;">
Local Link of app
</a>

<a class="item" href="#" onclick="window.open('/assets/challenge/my-page.html','_self');">
Open page
</a>

  4. Make sure that the link is in the format below:
    var ref = cordova.InAppBrowser.open(url, target, options);
  5. where –
    • ref: Reference to the InAppBrowser window when the target is set to '_blank'. (InAppBrowser)
    • url: The URL to load (String). Call encodeURI() on this if the URL contains Unicode characters.
    • target: The target in which to load the URL, an optional parameter that defaults to _self. (String)
      • _self: Opens in the Cordova WebView if the URL is in the white list, otherwise it opens in the InAppBrowser.
      • _blank: Opens in the InAppBrowser.
      • _system: Opens in the system’s web browser.
    • options: Options for the InAppBrowser. Optional, defaulting to: location=yes. (String)
  6. Read the documentation carefully, which will help you to get the task done.

Have a nice day!!!

Generate signed apk for android using Gradle for cordova 6.0.0+ in ionic


Hi all,

After viewing a lot of articles since this morning I got my task done.

I would like to thank Niraj, as I got my task done.

Steps I followed-

  • Open a terminal and go to the android directory

cd projectDir/platforms/android

  • Run this command to generate the digital signature

$ keytool -genkey -v -keystore exampleapp.keystore -alias example -keyalg RSA -keysize 2048 -validity 10000

This will create a file named exampleapp.keystore in your “projectDir/platforms/android” directory, which will hold the digital signature.

  • Create a file named release-signing.properties in the projectDir/platforms/android directory.
  • Provide details about your signature in this file:
    # signed apk details
    # keyAlias must match the alias given to keytool; keep this file out of
    # version control, since it holds the keystore passwords in clear text
    storeFile=exampleapp.keystore
    keyAlias=mindfull
    storePassword=password
    keyPassword=password
  • Go back to the terminal and return to the main project directory by typing

$ cd ../..

  • Run this command to build the signed apk.

cordova build android --release

This will run many tasks and show something like this-

[Screenshot of the build output]

Now you can upload this apk to the Play Store and share it with your friends.

Have a nice day !!!

 

Remove many apks getting after Crosswalk integration in an Ionic app


Here is the solution; you can create a new file as follows-

  1. Create a file named build-extras.gradle inside the /platform/android/ directory.
  2. Put ext.cdvBuildMultipleApks=false inside it.
  3. Run ionic build android --release and voila, it worked.

(or)

The same can be done by changing one line in your existing file. It will take a minute, and you can get the single build file by commenting out the

cdvBuildMultipleApks=true

line in the platforms/android/gradle.properties.

Cheers

         (Or)

To see a single apk just use this command, and to build separate APKs for x86 and arm7, use this command-

$ BUILD_MULTIPLE_APKS=true ionic run android

         (Or)

Removing Crosswalk
Crosswalk can be removed in two ways.

$ ionic browser revert android
# or
$ ionic browser remove crosswalk

you can also see here.

Have a nice day!!!

Sublime Text Keyboard Shortcut for easy use


Use these rapid keyboard shortcuts to control Linux, Mac OSX, and Windows versions of Sublime Text for all.

Key to the Keys

  • ⌘ : Command key
  • ⌃ : Control key
  • ⌫ : Delete key
  • ↓ : Down arrow key
  • ⌥ : Option or Alt key
  • ↩ : Return or Enter key
  • ⇧ : Shift key
  • ↑ : Up arrow key

: indicates that the step after the arrow should take place after the step before the arrow

General

Command | Mac OSX | Windows | Linux
Open Cmd Prompt | ⌘ + ⇧ + P | Ctrl + ⇧ + P | Ctrl + ⇧ + P
Toggle Side Bar | ⌘ + K, ⌘ + B | Ctrl + KB | Ctrl + KB
Show Scope (Status Bar) | ⌃ + ⇧ + P | Ctrl + ⇧ + Alt + P | Ctrl + ⇧ + Alt + P

Language

Command | Mac OSX | Windows | Linux
Select File Language | ⌘ + ⇧ + P [language] | Ctrl + ⇧ + P [language] | Ctrl + ⇧ + P [language]

Use the “Set Syntax: [language]” selection that is automatically populated in the command menu when you type the programming language.

Editing

Command | Mac OSX | Windows | Linux
Delete Line | ⌘ + X | Ctrl + X | Ctrl + X
Insert Line After | ⌘ + ↩ | Ctrl + ↩ | Ctrl + ↩
Insert Line Before | ⌘ + ⇧ + ↩ | Ctrl + ⇧ + ↩ | Ctrl + ⇧ + ↩
Move Line Up | ⌘ + ⌃ + ↑ | Ctrl + ⇧ + ↑ | Ctrl + ⇧ + ↑
Move Line Down | ⌘ + ⌃ + ↓ | Ctrl + ⇧ + ↓ | Ctrl + ⇧ + ↓
Select Line | ⌘ + L | Ctrl + L | Ctrl + L
Select Word | ⌘ + D | Ctrl + D | Ctrl + D
Multi-Select Editing | ⌃ + ⌘ + G | Alt + F3 | Alt + F3
Jump to Closing Parenthesis | ⌃ + M | Ctrl + M | Ctrl + M
Select Contents of Current Parentheses | ⌃ + ⇧ + M | Ctrl + ⇧ + M | Ctrl + ⇧ + M
Delete from Cursor to End of Line | ⌘ + K, ⌘ + K | Ctrl + KK | Ctrl + KK
Delete from Cursor to Start of Line | ⌘ + K + ⌫ | Ctrl + K + ⌫ | Ctrl + K + ⌫
Indent Current Line(s) | ⌘ + ] | Ctrl + ] | Ctrl + ]
Unindent Current Line(s) | ⌘ + [ | Ctrl + [ | Ctrl + [
Duplicate Line(s) | ⌘ + ⇧ + D | Ctrl + ⇧ + D | Ctrl + ⇧ + D
Join Line Below Current Line | ⌘ + J | Ctrl + J | Ctrl + J
Comment/Uncomment Current Line | ⌘ + / | Ctrl + / | Ctrl + /
Block Comment Current Selection | ⌘ + ⌥ + / | Ctrl + ⇧ + / | Ctrl + ⇧ + /
Redo/Repeat Last Keyboard Shortcut | ⌘ + Y | Ctrl + Y | Ctrl + Y
Paste with Proper Indenting | ⌘ + ⇧ + V | Ctrl + ⇧ + V | Ctrl + ⇧ + V
Select Next Autocomplete Suggestion | ⌃ + Space | Ctrl + Space | Ctrl + Space
Soft Undo | ⌃ + U | Ctrl + U | Ctrl + U
Column Selection Up | ⌃ + ⇧ + Up | Ctrl + Alt + Up | Alt + ⇧ + Up
Column Selection Down | ⌃ + ⇧ + Down | Ctrl + Alt + Down | Alt + ⇧ + Down

Transform

Command | Mac OSX | Windows | Linux
To Uppercase | ⌘ + K, ⌘ + U | Ctrl + KU | Ctrl + KU
To Lowercase | ⌘ + K, ⌘ + L | Ctrl + KL | Ctrl + KL
Increase Font Size | ⌘ + | Ctrl + | Ctrl +
Decrease Font Size | ⌘ – | Ctrl – | Ctrl –

Find & Replace

Command | Mac OSX | Windows | Linux
Find | ⌘ + F | Ctrl + F | Ctrl + F
Replace | ⌘ + ⌥ + F | Ctrl + H | Ctrl + H
Find in Files | ⌘ + ⇧ + F | Ctrl + ⇧ + F | Ctrl + ⇧ + F
Use Selection for Find | ⌘ + E | Ctrl + E | Ctrl + E
Use Selection for Replace | ⇧ + ⌘ + E | ⇧ + Ctrl + E | ⇧ + Ctrl + E

Navigation

Command | Mac OSX | Windows | Linux
Quick Open File (by Name) | ⌘ + P | Ctrl + P | Ctrl + P
Go To Symbol | ⌘ + R | Ctrl + R | Ctrl + R
Go To Line | ⌃ + G | Ctrl + G | Ctrl + G

Code Folding

Command | Mac OSX | Windows | Linux
Fold Selection | ⌥ + ⌘ + [ | ⇧ + Ctrl + [ | ⇧ + Ctrl + [
Unfold Selection | ⌥ + ⌘ + ] | ⇧ + Ctrl + ] | ⇧ + Ctrl + ]
Unfold All | ⌘ + K, ⌘ + J | Ctrl + KJ | Ctrl + KJ

Bookmarks

Command | Mac OSX | Windows | Linux
Toggle Bookmark | ⌘ + F2 | Ctrl + F2 | Ctrl + F2
Next Bookmark | F2 | F2 | F2
Previous Bookmark | ⇧ + F2 | ⇧ + F2 | ⇧ + F2
Clear Bookmarks | ⇧ + ⌘ + F2 | ⇧ + Ctrl + F2 | ⇧ + Ctrl + F2

Using shortcuts will help you get tasks done more easily and faster.

We can see more here as a source.

 

Thanks for reading,

Have a nice day!!!