Simon Willison’s Weblog

Items tagged security in Apr, 2007

Introducing http:BL (via) Project Honey Pot announces a new blacklist service for blocking comment spammers and e-mail spiders, built from information gathered by their network of honey pots. # 25th April 2007, 11:39 pm

Most HTML templating languages are written incorrectly. “If you ever find yourself in the position of designing an html template language, please make the default behavior when including variables be to HTML-escape them.” I couldn’t agree more. # 15th April 2007, 8:28 pm

JSON and Browser Security. Douglas Crockford suggests using secret tokens to protect JSON content, and avoiding wrapper hacks to protect unauthorised JSON delivery as they may fall foul of undiscovered browser bugs in the future. # 11th April 2007, 12:52 am

Fortify JavaScript Hijacking FUD. Bob Ippolito points out the flaws in the recent widely disseminated JavaScript Hijacking paper. While the paper does miss some important details, it’s good that more people are now aware of the security implications involved in serving JSON up wrapped in an array. # 5th April 2007, 10:51 pm
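The two JSON items above make one combined point: a JSON response that is a bare array is a valid JavaScript program, so it can be read cross-site by a page that includes it as a script, and the durable defence is to require a secret that a third-party page cannot obtain rather than to rely on wrapper tricks. As an added example (not code from Crockford's or Ippolito's articles, nor from any framework), the helper below builds a JSON response only when the caller presents the session's secret token, and always emits a top-level object so the body is never a bare array; the function names, the `X-Requested-Token` header name and the tuple return shape are assumptions for this example.

```python
import hmac
import json
import secrets

def new_session_token():
    """Generate the per-session secret; it lives in the server-side session, not in a cookie."""
    return secrets.token_hex(32)

def json_response(payload, presented_token, session_token):
    """Return (status, headers, body) for a JSON endpoint.

    The caller must present the session secret (e.g. in a custom header or
    request parameter); a page on another origin cannot read the secret, so
    it cannot construct a request that passes this check.
    """
    headers = {
        "Content-Type": "application/json",
        "X-Content-Type-Options": "nosniff",
    }
    if presented_token is None or not hmac.compare_digest(presented_token, session_token):
        return 403, headers, json.dumps({"error": "missing or invalid token"})
    # Top-level object: even if the script-include route were tried, the body is
    # not a usable expression on its own, unlike a bare array literal.
    return 200, headers, json.dumps({"data": payload})

def top_level_is_object(body):
    """Check used in tests and response review: the body must start with an object."""
    return body.lstrip().startswith("{")

if __name__ == "__main__":
    # Constructed sample data: a private contact list and a session secret.
    contacts = [{"name": "alice", "email": "alice@example.test"}]
    session_token = new_session_token()
    print(json_response(contacts, session_token, session_token))
    print(json_response(contacts, "guess", session_token))
```

Using `hmac.compare_digest` keeps the token comparison constant-time, and the `nosniff` header stops browsers from reinterpreting the body as something other than JSON. The `{"data": ...}` wrapper is defence in depth; the token check is the control the post recommends relying on.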