Simon Willison’s Weblog

Monday, 30th June 2008

Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting, here are a few more weird ways of injecting javascript: into a link that you need to worry about—but you should really switch to whitelisting http:// and https:// instead. # 3:57 pm
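
An added example, not from the original post or the linked fuzz results: a strict scheme whitelist for link `href` values next to a naive blacklist, run over constructed sample inputs. The function names and the sample strings are assumptions made for illustration.

```python
import re

# Whitelist policy: the value, exactly as written, must be an absolute
# http:// or https:// URL containing no whitespace or control characters.
_ALLOWED = re.compile(r"\Ahttps?://[^\s\x00-\x1f\x7f]+\Z", re.IGNORECASE)


def blacklist_allows(href):
    """Naive blacklist, shown only for contrast: blocks one literal prefix."""
    return not href.startswith("javascript:")


def whitelist_allows(href):
    """Accept only what matches the whitelist; nothing is repaired or guessed."""
    return bool(_ALLOWED.match(href))


def sanitize_href(href):
    """Return href unchanged if allowed, else None so the caller drops the attribute."""
    return href if whitelist_allows(href) else None


# Constructed sample inputs (not taken from the linked fuzz results).
SAMPLES = [
    "https://example.com/page?x=1",
    "HTTP://example.com/",
    "javascript:void(0)",
    "JavaScript:void(0)",      # case variation
    " javascript:void(0)",     # leading space
    "java\tscript:void(0)",    # embedded tab
    "data:text/html,hello",    # a scheme the blacklist never listed
    "/relative/path",          # relative links are rejected by this strict policy
]


def compare(samples=SAMPLES):
    """Return (href, blacklist_verdict, whitelist_verdict) for each sample."""
    return [(s, blacklist_allows(s), whitelist_allows(s)) for s in samples]


if __name__ == "__main__":
    for href, bl, wl in compare():
        print(f"{href!r:32} blacklist={'pass' if bl else 'drop'} "
              f"whitelist={'pass' if wl else 'drop'}")
```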

The end of LugRadio. Wow. LugRadio was a podcast before the term podcast had even been coined. It will be sorely missed. # 2:03 pm

Enough Already with the Connections! Comet doesn’t mean making long-lived HTTP connections (which most browsers do anyway thanks to HTTP keep-alive), it means making long-held HTTP requests. I’m guilty of spreading this misinformation in the past. # 9:27 am
