http://simonwillison.net/2009-04-12T12:33:48+00:00Simon Willison2009-04-12T12:33:48+00:002009-04-12T12:33:48+00:00https://simonwillison.net/2009/Apr/12/chris/#atom-tag

<p><strong><a href="http://shiflett.org/blog/2009/apr/a-rev-canonical-http-header">A rev=&quot;canonical&quot; HTTP Header</a></strong></p> Chris Shiflett proposes optionally exposing rev=canonical information in an HTTP header, thus allowing sites to discover shorter URLs using just a HEAD request and removing the need to parse HTML. The pingback specification also uses this shortcut. <p>Tags: <a href="https://simonwillison.net/tags/chris-shiflett">chris-shiflett</a>, <a href="https://simonwillison.net/tags/head">head</a>, <a href="https://simonwillison.net/tags/headers">headers</a>, <a href="https://simonwillison.net/tags/http">http</a>, <a href="https://simonwillison.net/tags/pingback">pingback</a>, <a href="https://simonwillison.net/tags/revcanonical">revcanonical</a></p>

2009-02-12T19:56:42+00:002009-02-12T19:56:42+00:00https://simonwillison.net/2009/Feb/12/chris/#atom-tag

<p><strong><a href="http://shiflett.org/blog/2009/feb/twitter-dont-click-exploit">Twitter Don&#x27;t Click Exploit</a></strong></p> Someone ran a successful ClickJacking exploit against Twitter users, using a transparent iframe holding the Twitter homepage with a status message fed in by a query string parameter. Thiss will definitely help raise awareness of ClickJacking! Twitter has now added framebusting JavaScript to prevent the exploit. <p>Tags: <a href="https://simonwillison.net/tags/chris-shiflett">chris-shiflett</a>, <a href="https://simonwillison.net/tags/clickjacking">clickjacking</a>, <a href="https://simonwillison.net/tags/framebusting">framebusting</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/twitter">twitter</a></p>

2008-08-08T23:32:49+00:002008-08-08T23:32:49+00:00https://simonwillison.net/2008/Aug/8/chris/#atom-tag

<p><strong><a href="http://shiflett.org/blog/2008/aug/end-of-life-for-php-4">End of Life for PHP 4</a></strong></p> Apparently 8/8/8 marks the end of the line for PHP 4—no new releases, no support, not even security patches. <p>Tags: <a href="https://simonwillison.net/tags/chris-shiflett">chris-shiflett</a>, <a href="https://simonwillison.net/tags/php">php</a>, <a href="https://simonwillison.net/tags/php4">php4</a></p>

2007-07-18T07:45:45+00:002007-07-18T07:45:45+00:00https://simonwillison.net/2007/Jul/18/chris/#atom-tag

<p><strong><a href="http://shiflett.org/blog/2007/jul/csrf-redirector">CSRF Redirector</a></strong></p> Smart tool for testing CSRF vulnerabilities, by Chris Shiflett. <p>Tags: <a href="https://simonwillison.net/tags/chris-shiflett">chris-shiflett</a>, <a href="https://simonwillison.net/tags/csrf">csrf</a>, <a href="https://simonwillison.net/tags/security">security</a></p>

2007-03-16T10:16:03+00:002007-03-16T10:16:03+00:00https://simonwillison.net/2007/Mar/16/chris/#atom-tag

<p><strong><a href="http://shiflett.org/blog/2007/mar/my-amazon-anniversary">Chris Shiflett: My Amazon Anniversary</a></strong></p> Chris Shiflett discloses an unfixed CSRF vulnerability in Amazon’s 1-Click feature that lets an attacker add items to your shopping basket—after reporting the vulnerability to Amazon a year ago! <p>Tags: <a href="https://simonwillison.net/tags/amazon">amazon</a>, <a href="https://simonwillison.net/tags/chris-shiflett">chris-shiflett</a>, <a href="https://simonwillison.net/tags/csrf">csrf</a>, <a href="https://simonwillison.net/tags/security">security</a></p>

2005-12-24T17:21:42+00:002005-12-24T17:21:42+00:00https://simonwillison.net/2005/Dec/24/chris/#atom-tag

<p><strong><a href="http://shiflett.org/archive/178">Chris Shiflett: Google XSS Example</a></strong></p> UTF-7 is a nasty vector for XSS. <p><small></small>Via <a href="http://jeremy.zawodny.com/blog/">Jeremy Zawodny</a></small></p> <p>Tags: <a href="https://simonwillison.net/tags/chris-shiflett">chris-shiflett</a>, <a href="https://simonwillison.net/tags/google">google</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>