Simon Willison’s Weblog

Sunday, 6th January 2008

XSS Vulnerabilities in Common Shockwave Flash Files. Is the word “shockwave” still relevant to Flash? Regardless, it turns out Flash can be a serious vector for XSS attacks, and many commonly used components have recently fixed holes (and hence should be updated ASAP).

# 9:35 am / flash, xss, security, shockwave

Filtering foreign key choices in newforms-admin. A nice introduction to the Django newforms-admin branch, including an example of how to easily implement row-level permissions.

# 8:31 pm / django, newforms, newformsadmin, python, christian-joergensen

Django Tip: Complex Forms. Malcolm demonstrates some advanced tricks with newforms.

# 10:14 pm / newforms, django, python, malcolmtredinnick

IE7.js version 2.0 (beta). Dean Edwards has updated IE7, shifting enhancements that weren’t fixed by the real IE7 into a new script called IE8. You can also now hotlink the library directly from Google’s servers, though I don’t know how intended Google Code’s subversion repository is for that purpose.

# 11:15 pm / google-code, goode, ie7, ie8, javascript, deanedwards