Simon Willison’s Weblog

Tuesday, 7th October 2008

Dealing with UI redress vulnerabilities inherent to the current web (via) The best explanation of clickjacking I’ve seen yet, complete with discussion of a number of non-ideal potential solutions. It looks like frame busting JavaScript will defeat it, but only for users who have JavaScript enabled—which means that in this case extensions like NoScript actually make you less safe. UPDATE: NoScript is smarter than I thought; see the comments.

# 9:59 am / clickjacking, javascript, noscript, security

Clickjacking and NoScript (via) NoScript CAN protect against clickjacking, but only if you enable the “Plugins|Forbid IFRAME” option.

# 11:05 am / clickjacking, noscript, security

Giving Dabble DB a time machine. More innovation from Dabble DB—the service now offers a UI to their backup snapshots, letting you roll your own instance back to a specific point in time to recover accidentally deleted data.

# 12:55 pm / dabbledb, revert, snapshots

XHTML—myths and reality. Useful overview of XHTML from Tina Holmboe of the W3C’s XHTML Working Group, which suggests considering HTML 4.01 strict unless you need mixed namespaces for things like MathML. I’ve been storing this blog’s content as XHTML but serving as HTML for several years now.

# 4:56 pm / html, mathml, namespaces, tinaholmboe, w3c, xhtml
