John,

Not according to this post:
http://www.davidnaylor.co.uk/twitter-exploit-still-works.html

Dewald

On Aug 26, 1:09 pm, John Adams <j...@twitter.com> wrote:
> This was patched yesterday afternoon.
>
> -j
>
> On Aug 25, 2009, at 11:38 PM, Costa Rica wrote:
>
> > Hello Twitter,
> > Any official word on this apparent vulnerability around the Source
> > parameter and cross site scripting?
> > http://www.davidnaylor.co.uk/massive-twitter-cross-site-scripting-vul...
> > TCI
>
> > On Aug 22, 9:46 am, Chad Etzel <jazzyc...@gmail.com> wrote:
> >> Hi All,
> >>
> >> We did not intend for the nofollow string to be included in API
> >> results. It is on our list to fix. In the meantime you will need to
> >> parse around it.
> >>
> >> Thanks,
> >> -Chad
> >>
> >> On Sat, Aug 22, 2009 at 11:20 AM, Costa Rica <ticoconid...@gmail.com> wrote:
> >>
> >>> Thanks to all for your suggestions on how to parse, remove nofollows
> >>> or extract the URL, but that's not the bottom line of my message.
> >>> There are some source parameters that are posting automated crap
> >>> constantly, and since I run a trending engine I continuously exclude
> >>> these tweets.
> >>> Yes I can parse and str replace and even base myself only on the URL,
> >>> but the 2 side effects are that my processing time increases (a simple
> >>> string compare vs a regex) - which becomes significant as I increase
> >>> the volume I intend to process, and that the URLs themselves can
> >>> easily change to work around these filters.
> >>> I will keep my simple compare - the sites are not that many and the
> >>> processing toll of regex'ing this does not merit it - but I would
> >>> appreciate some word from Twitter when the source parameter is being
> >>> changed, or else some sourceid that is stable.
> >>> R
> >>>
> >>> On Aug 21, 10:17 pm, TCI <ticoconid...@gmail.com> wrote:
> >>>> Recently you added nofollows, and now you moved the nofollow after
> >>>> the href. Some of us filter these out and you changing them is only
> >>>> making it more complicated. Please make up your mind and stop
> >>>> changing these...
> >>>>
> >>>> <a href="http://fun140.com/">Fun140</a>
> >>>>
> >>>> <a rel="nofollow" href="http://fun140.com/">Fun140</a>
> >>>>
> >>>> <a href="http://fun140.com/" rel="nofollow">Fun140</a>
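
Added example, not part of the thread and not Twitter's code: a Python sketch of consuming the source field discussed above so that a plain equality check survives changes in attribute order, and so that the received markup is never echoed into a page as-is. The function names, the cache size and the rule of rejecting anything other than a single http(s) link are assumptions of this example.

```python
from functools import lru_cache
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _SourceParser(HTMLParser):
    """Collects href and visible text; counts any tag beyond one <a>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.href = None
        self.label = []
        self.extra_tags = 0

    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.href is None:
            self.href = dict(attrs).get("href") or ""
        else:
            self.extra_tags += 1

    def handle_data(self, data):
        self.label.append(data)

@lru_cache(maxsize=4096)  # each distinct source string is parsed only once
def normalize_source(source):
    """Return (href, label), ("", label) for plain text, or None if the
    value is anything other than one http(s) link."""
    p = _SourceParser()
    p.feed(source)
    p.close()
    label = "".join(p.label).strip()
    if p.href is None:
        return ("", label) if p.extra_tags == 0 else None
    try:
        parts = urlsplit(p.href)
        ok = parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:  # malformed URL in untrusted input
        ok = False
    return (p.href, label) if ok and p.extra_tags == 0 else None

def render_source(source):
    """Rebuild the link from parsed parts; never echo received markup."""
    parsed = normalize_source(source)
    if parsed is None:
        return escape(source)  # shown as text, not interpreted as HTML
    href, label = parsed
    if not href:
        return escape(label)
    return '<a href="%s" rel="nofollow">%s</a>' % (escape(href), escape(label))
```

The tuple returned by normalize_source can be kept in a set of excluded sources, so the per-tweet cost after the first sighting of a source string is a cache hit plus a set lookup.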