[twitter-dev] Re: Stop playing around with Source parameters

2009-08-26 Thread Costa Rica
Hello Twitter, Any official word on this apparent vulnerability around the Source parameter and cross site scripting? http://www.davidnaylor.co.uk/massive-twitter-cross-site-scripting-vulnerability.html TCI On Aug 22, 9:46 am, Chad Etzel jazzyc...@gmail.com wrote: Hi All, We did not intend

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-26 Thread John Adams
This was patched yesterday afternoon. -j On Aug 25, 2009, at 11:38 PM, Costa Rica wrote: Hello Twitter, Any official word on this apparent vulnerability around the Source parameter and cross site scripting? http://www.davidnaylor.co.uk/massive-twitter-cross-site-scripting-vulnerability.html

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-26 Thread Dewald Pretorius
John, Not according to this post: http://www.davidnaylor.co.uk/twitter-exploit-still-works.html Dewald On Aug 26, 1:09 pm, John Adams j...@twitter.com wrote: This was patched yesterday afternoon. -j On Aug 25, 2009, at 11:38 PM, Costa Rica wrote: Hello Twitter, Any official word

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-26 Thread jim.renkel
Hmm, using some command line test programs I've developed, I'm still getting 'rel=nofollow'. For example: -- Public timeline 20 statusses Status 0: from HandsomeSmokes, 35229362, Mula Smokes , Brooklyn

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Mike Davies
HTML does not make the order of attributes significant, so it's not a good idea to rely on a specific order. Sounds like you want to strip out markup, so you should already be running a whitelist of acceptable attributes, and not let through the rest. For example, you wouldn't want to let

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Gonzalo Larralde
On Sat, Aug 22, 2009 at 1:17 AM, TCI ticoconid...@gmail.com wrote: Recently you added nofollow's, and now you moved the nofollow after the href. Some of us filter these out and you changing them is only making it more complicated. Please make up your mind and stop changing these... a

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Joel Strellner
Ummm... strip_tags()'s? On Fri, Aug 21, 2009 at 9:17 PM, TCI ticoconid...@gmail.com wrote: Recently you added nofollow's, and now you moved the nofollow after the href. Some of us filter these out and you changing them is only making it more complicated. Please make up your mind and stop

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Andrew Badera
Crazily enough, not everyone writes in PHP. ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera) On Sat, Aug 22, 2009 at 3:28 AM, Joel Strellner j...@twitturly.com wrote: Ummm... strip_tags()'s?

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread shiplu
Use DOM functions in your language to parse it. Don't use regex. Another good solution is using libxml. But HTML is not XML. So you may have to convert it. That's why DOM is better. -- A K M Mokaddim http://talk.cmyweb.net http://twitter.com/shiplu Stop Top Posting !! বাংলিশ লেখার চাইতে বাংলা লেখা

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Andrew Badera
Can you use DOM functions in most languages on mere HTML fragments? ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera) On Sat, Aug 22, 2009 at 7:38 AM, shiplushiplu@gmail.com wrote: Use DOM

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread JDG
Technically, as long as it's well formed, any fragment can be valid XML in the eyes of DOM (sounds like an Italian mobster there). I mean sure, you couldn't feed it `<a href="foo">hi` but you could feed it `<a href="foo">hi</a>` On Sat, Aug 22, 2009 at 06:27, Andrew Badera and...@badera.us wrote: Can you

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Dewald Pretorius
Wouldn't str_replace('rel=nofollow', '', $href_from_twitter) work just as well? Dewald On Aug 22, 1:54 am, Gonzalo Larralde gonzalolarra...@gmail.com wrote: On Sat, Aug 22, 2009 at 1:17 AM, TCI ticoconid...@gmail.com wrote: Recently you added nofollow's, and now you moved the nofollow after

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Costa Rica
Thanks to all for your suggestions on how to parse, remove nofollows or extract the URL, but that's not the bottom line of my message. There are some source parameters that are posting automated crap constantly, and since I run a trending engine I continuously exclude these tweets. Yes I can parse

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Chad Etzel
Hi All, We did not intend for the nofollow string to be included in API results. It is on our list to fix. In the meantime you will need to parse around it. Thanks, -Chad On Sat, Aug 22, 2009 at 11:20 AM, Costa Rica ticoconid...@gmail.com wrote: Thanks to all for your suggestions on how to

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread PJB
Hehehe... your regex isn't much better! /a\s+(.*?\s+)?href=[']?(.+?)[']?(\s+.*?)?(.+?)\/a/is On Aug 21, 9:54 pm, Gonzalo Larralde gonzalolarra...@gmail.com wrote: On Sat, Aug 22, 2009 at 1:17 AM, TCI ticoconid...@gmail.com wrote: Recently you added nofollow's, and now you moved the

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Scott Haneda
Ha ha. PHP does have a regex parser. This should not matter if coded correctly. Twitter did announce they would be messing around last week. -- Scott iPhone says hello. On Aug 22, 2009, at 3:07 AM, Andrew Badera and...@badera.us wrote: Crazily enough, not everyone writes in PHP. ∞ Andy

[twitter-dev] Re: Stop playing around with Source parameters

2009-08-22 Thread Gonzalo Larralde
On Sat, Aug 22, 2009 at 5:18 AM, PJBpjbmancun...@gmail.com wrote: Hehehe... your regex isn't much better! /a\s+(.*?\s+)?href=[']?(.+?)[']?(\s+.*?)?(.+?)\/a/is On Aug 21, 9:54 pm, Gonzalo Larralde gonzalolarra...@gmail.com wrote: Or, maybe, you can try using this regex: /a.*?