Sunday, 6th January 2008
XSS Vulnerabilities in Common Shockwave Flash Files. Is the word “shockwave” still relevant to Flash? Regardless, it turns out Flash can be a serious vector for XSS attacks, and many commonly used components have recently fixed holes (and hence should be updated ASAP).
Filtering foreign key choices in newforms-admin. A nice introduction to the Django newform-admin branch, including an example of how to easily implement row-level permissions.
Django Tip: Complex Forms. Malcolm demonstrates some advanced tricks with newforms.
IE7.js version 2.0 (beta). Dean Edwards has updated IE7, shifting enhancements that weren’t fixed by the real IE7 in to a new script called IE8. You can also now hotlink the library directly from Google’s servers, though I don’t know how intended Google Code’s subversion repository is for that purpose.