Simon Willison’s Weblog


Tuesday, 7th October 2008

XHTML—myths and reality. Useful overview of XHTML from Tina Holmboe of the W3C’s XHTML Working Group, which suggests considering HTML 4.01 strict unless you need mixed namespaces for things like MathML. I’ve been storing this blog’s content as XHTML but serving as HTML for several years now. # 4:56 pm

Giving Dabble DB a time machine. More innovation from Dabble DB—the service now offers a UI to their backup snapshots, letting you roll your own instance back to a specific point in time to recover accidentally deleted data. # 12:55 pm

Clickjacking and NoScript (via) NoScript CAN protect against clickjacking, but only if you enable the “Plugins|Forbid IFRAME” option. # 11:05 am

Dealing with UI redress vulnerabilities inherent to the current web (via) The best explanation of clickjacking I’ve seen yet, complete with discussion of a number of non-ideal potential solutions. It looks like frame busting JavaScript will defeat it, but only for users who have JavaScript enabled—which means that in this case extensions like NoScript actually make you less safe. UPDATE: NoScript is smarter than I thought; see the comments. # 9:59 am

2008 » October