Counter speculation of XSS
I changed the entry subject format from 'javascript: subject' to 'javascript - subject' because the former, which also appears in the HTML title tag, does something bad with Amazon Associates. The program delivers the subject information in the query string, and some security software on users' computers assumes the communication to be XSS.
Amazon's JavaScript generates URLs in the following format.
http://rcm-jp.amazon.co.jp/e/cm?.......&ref-title=[HTML title]&........
The value is properly escaped, so it is technically correct, but to keep up with the times, I have to give up putting any 'script:' phrase in the HTML title tag to counter speculation.
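The situation described above, as an added example that is not part of the original post: the title is percent-encoded correctly, yet a filter that decodes query values and pattern-matches on 'script:' still flags the request. The endpoint and `ref-title` parameter are from the post; the filter rule and the `retitle` helper are hypothetical, since the post does not say how the security software decides.

```javascript
// Endpoint and parameter name are taken from the post.
const ENDPOINT = "http://rcm-jp.amazon.co.jp/e/cm";

// Build the request URL the way a widget script would: the page title goes
// into the query string, percent-encoded (":" becomes %3A, " " becomes %20).
function buildWidgetUrl(title) {
  return ENDPOINT + "?ref-title=" + encodeURIComponent(title);
}

// Hypothetical heuristic (assumption, not a real product's rule): decode
// every query value and flag the request if any value contains "script:".
// It never asks whether the value is used as a URL or as plain text.
function naiveFilterFlags(url) {
  const params = new URL(url).searchParams; // iteration yields decoded values
  for (const [, value] of params) {
    if (/script:/i.test(value)) return true;
  }
  return false;
}

// Hypothetical helper mirroring the post's workaround: rewrite
// "javascript: subject" style titles to "javascript - subject".
function retitle(title) {
  return title.replace(/script:\s*/gi, "script - ");
}

// Constructed sample titles in the post's old and new formats.
for (const title of ["javascript: subject", retitle("javascript: subject")]) {
  const url = buildWidgetUrl(title);
  console.log(url, "->", naiveFilterFlags(url) ? "flagged" : "passes");
}
```

The raw URL for the old title never contains the literal text 'script:', which is why escaping alone does not avoid the false positive.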