So many, many, many moons ago (over seven years!) I posted about a Greasemonkey script that provided a comment killfile. (See that page if you're unfamiliar with the concept.)

It was popular and useful for a while, but mostly succumbed to bit rot while I was at Google and I hadn't had a chance to play with the code in a modern web environment until recently.

I now have an experimental version of my old killfile redone as a Chrome extension, and am looking for a few early tester volunteers to find out the places it should work that it doesn't yet. I'm also interested to see if the Chrome sync stuff works for people who aren't me. (In theory, all your Chrome devices should know about who you've tagged as a troll.)

Now I'm providing even less support for this version than I provided for that Greasemonkey script, so don't even bother asking unless you feel comfortable following the steps on this page under the heading "Steps on adding extensions from other websites".

But if you'd like to test this thing, send me an email at martin -at- snowplow -dot- org.

Yeah, yeah. First post in a long time, first post of the new year, first post with a new US President, etc. Assume I've groveled sufficiently for not posting in ages.

So the other day I visited a website belonging to a friend and my web-browser completely freaked out, blocking the site and saying that it linked to all sorts of disreputable places. That is to say, it warned that my friend's site was including material from sites that attempted to install all sorts of malware.

Now, this was odd, but occasionally a bad ad can get into an ad network, and then everyone showing those ads accidentally is displaying malware, and I figured that was what happened since when I went back and then visited the site again, all was fine.

Only, after reloading her page I discovered that my friend doesn't run ads on her site.

( A more detailed description of what was going on, probably of interest only to techies )

Continuing my pattern of occasional technical posts just so that my journal won't be completely dormant, here's another one:

If you do much web development at all, you probably work with a template language of some kind. You know, the kind of thing where you write HTML with various placeholders in spots that get filled in by the web application - examples include JSP pages, Django's template system, Smarty templates, PHP pages, or HTML::Mason.

Anyway, the problem with virtually every HTML templating language out there is that they make it easier for the person writing HTML templates to add an XSS hole than to avoid it. This isn't a matter of making it possible for page writers to shoot themselves in the foot - that's always going to be possible, given any reasonable system - it's a matter of making it easier to do than to avoid.

( More for people who've ever worked in such environments )
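
The "easier to add an XSS hole than to avoid it" point, as an added example that is not part of the original post: a toy placeholder renderer where the only thing that changes is what a bare placeholder does. The `{{ name|filter }}` syntax, the function names and the sample values are all constructed for illustration and do not describe any particular template engine.

```python
import html
import re

# Hypothetical placeholder syntax for this example: {{ name }} or {{ name|filter }}
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*(?:\|\s*(\w+)\s*)?\}\}")

def render(template, values, escape_by_default):
    """Fill placeholders. The two engine styles differ only in what a
    bare {{ name }} does: insert verbatim, or HTML-escape."""
    def fill(match):
        name, flt = match.groups()
        value = str(values[name])
        if flt == "escape":            # explicit opt-in to escaping
            return html.escape(value, quote=True)
        if flt == "safe":              # explicit opt-out for trusted markup
            return value
        if flt is not None:
            raise ValueError(f"unknown filter: {flt}")
        return html.escape(value, quote=True) if escape_by_default else value
    return PLACEHOLDER.sub(fill, template)

def raw_sinks(template, escape_by_default):
    """Audit helper: names of placeholders that are emitted unescaped."""
    sinks = []
    for name, flt in PLACEHOLDER.findall(template):
        if flt == "safe" or (flt == "" and not escape_by_default):
            sinks.append(name)
    return sinks

# Constructed sample: the template written the shortest, most natural way,
# filled with untrusted values in an attribute and in element content.
TEMPLATE = '<p title="{{ title }}">{{ comment }}</p>'
VALUES = {
    "title": '" onmouseover="alert(1)',
    "comment": "<script>alert(1)</script>",
}

if __name__ == "__main__":
    for default in (False, True):
        print("escape_by_default =", default)
        print("  output:   ", render(TEMPLATE, VALUES, default))
        print("  raw sinks:", raw_sinks(TEMPLATE, default))
```

With the raw default, every placeholder the template author did not annotate is a sink to review; with the escaping default, only the ones marked `safe` are.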

Page generated Sep. 19th, 2017 06:54 pm