This was patched yesterday afternoon.
On Aug 25, 2009, at 11:38 PM, Costa Rica wrote:
Any official word on this apparent vulnerability around the Source
parameter and cross site scripting?
On Aug 22, 9:46 am, Chad Etzel <jazzyc...@gmail.com> wrote:
We did not intend for the nofollow string to be included in API
results. It is on our list to fix. In the meantime you will need to
parse around it.
On Sat, Aug 22, 2009 at 11:20 AM, Costa
Thanks to all for your suggestions on how to parse, remove nofollows
or extract the URL, but that's not the bottomline of my message.
are some source parameters that are posting automated crap
and since I run a trending engine I continuously exclude these
Yes I can parse and str replace and even base myself only on the
but the 2 side effects are that my processing time increase (a
string compare vs a regex) - which becomes significant as I increase
the volume I intend to process, and that the URL's themselves can
easily change to workaround these filters.
I will keep my simple compare - the sites are not that many and the
processing toll of regex'ing this does not merit it - but I would
appreciate some word from Twitter when the source parameter is being
changed, or else some sourceid that is stable.
On Aug 21, 10:17 pm, TCI <ticoconid...@gmail.com> wrote:
Recently you added nofollow's, and now you moved the nofollow after
the href. Some of us filter these out and you changing them is only
making it more complicated. Please make up your mind and stop
<a rel="nofollow" href="http://fun140.com/">Fun140</a>
<a href="http://fun140.com/" rel="nofollow">Fun140</a>