tungwaiyip.info

 

home

about me

links

my software

Media

Yucatán Photos

St Lucia Photos

Photo Album

Videos

Blog

< July 2004 >
SuMoTuWeThFrSa
     1 2 3
4 5 6 7 8 910
11121314151617
18192021222324
25262728293031

past articles »

Click for San Francisco, California Forecast

San Francisco, USA

 

Checking for Cross-Site Scripting Vulnerability

Netcraft.com brings my attention to cross-site scripting security problem. I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from user or third party before using it. One place this website receives input is the RSS new feeds. I have crafted a test RSS with embedded javascript. Some RSS feeder (including this website) display the content as is. They should have (arguably) strip off the embedded script before displaying it. I promptly plugged this by escaping the meta characters before outputting them on the web pages.

An important element for cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code in their context. In this case the news feeder's communication is only between this website and the news source. I am not aware of any loop hole for third party to get involved. But in the world of open communication it is better to be safe to test for all input before use.

2004.07.20 [, ] - comments (0)

 

pyBlosxom Upgrade

I have finally ditched my home grown blog formatter for pyBlosxom, a very simple file based weblog server. It only take me several hours to setup and integrated with my web pages. Customization is fairly easy. I have designed the style to look, well, like the same old home page (pyBlosxom itself does not come with any decent template anyway). So far the only thing new is the calendar on the left. But I plan to add other features in the coming days.

I have downloaded Movable Type for months and never get to set it up. The database and third party library requirement really puts me off. Yet I am able to setup pyBlosxom within hours. I am really please with its light weight design and the text file based repository.

The main motivation for upgrade is the need to add permalink to the entries. I have some successful experimented with pyBlosxom but I still need some more work before publishing them. After all, permalinks means permanent. So I want to get it right.

2004.07.01 [] - comments (0)

 

past articles »

  

BBC News

 

Hurricane Ike hits Cuba's coast

 

US to reopen Afghan attack case

 

Key wins for Hong Kong opposition

 

US takes over key mortgage firms

 

Canadian PM calls snap election

 

Nano car plant protest suspended

 

Israeli PM 'should be indicted'

 

'Climate crisis' needs brain gain

Mon, 8 September, 2008, 05:11 GMT 06:11 UK

more »

 

Slashdot News for nerds, stuff that matters

 

Prions Observed Jumping Species Barrier (2008-09-08T01:40:00+00:00)

 

IsoHunt Petitions Canadian Court For Copyright Blessing (2008-09-07T23:19:00+00:00)

 

The Complete History of Nintendo (2008-09-07T22:08:00+00:00)

 

The Open Source Humanoid Robot and Its Many Uses (2008-09-07T20:57:00+00:00)

 

1,500-Ship Fleet Proposed To Fight Climate Change (2008-09-07T19:41:00+00:00)

 

OS/2 Community Tries Bounty System (2008-09-07T18:34:00+00:00)

 

How Networks Interact - Peering and Transit Explained (2008-09-07T17:26:00+00:00)

 

India Joins Nuclear Market (2008-09-07T16:25:00+00:00)

more »

 

SF Gate

 

US re-examines Afghan attack that killed civilians (07 Sep 2008)

 

Killer Ike blasts Bahamas, lashes Cuba (07 Sep 2008)

 

Two men shot Saturday on Potrero Hill (07 Sep 2008)

 

ABC News' Gibson lands first Palin interview (07 Sep 2008)

 

Vacaville man shoots alleged intruder (07 Sep 2008)

 

Bush: Takeover of housing giants 'critical' (07 Sep 2008)

 

Egypt rock slide toll rises to 32 (07 Sep 2008)

 

US Government takes over mortgage giants (07 Sep 2008)

 

Advertising group opposes Yahoo-Google pact (07 Sep 2008)

 

Chargers TE Gates sustains bruised hip, returns (07 Sep 2008)

 

OPEC considers cutting oil production (07 Sep 2008)

 

Venezuela, Russia may hold joint naval exercises (07 Sep 2008)

 

Gulf oil and gas producers give Ike a serious look (07 Sep 2008)

 

Wall Street wobbles as economic landscape shifts (07 Sep 2008)

more »

 

Asia Times Online

 

China still on-side with Russia (5 Sep 2008)

 

Afghanistan's war has a new battlefield (5 Sep 2008)

 

US plays both sides in the Philippines (5 Sep 2008)

 

CHAN AKYA : Triangulating an Asian conflict (5 Sep 2008)

 

THE ROVING EYE : All square (5 Sep 2008)

 

Free media amplifies Thai protests (5 Sep 2008)

 

BOOK REVIEW : The ashes of American morality -The Dark Side by Jane Mayer (5 Sep 2008)

 

BP's Russian defeat a market victory (5 Sep 2008)

 

MARKET RAP : Darkest week in a year (5 Sep 2008)

 

IT WORLD : Chrome contender in browser battle (5 Sep 2008)

 

THE MOGAMBO GURU : Pride in acting like a pawnshop (5 Sep 2008)

more »

 

Site feed Updated: 2008-Sep-07 21:15