On Apr 30, 7:13 pm, Tom van der Woerdt <i...@tvdw.eu> wrote:
> On 5/1/11 12:47 AM, Matthieu GD wrote:> On Apr 30, 12:09 pm, Tom van der 
> Woerdt<i...@tvdw.eu>  wrote:
> >> I've heard this before.
> >> It sounds like all UIWebView, WebBrowser and probably Android's WebView
> >> are blocked. This is definitely a *good* thing for security reasons.
> > They are not blocked, it's *only* a problem of layout.
> Are you sure? A block of CSS saying "html { display: none; }" doesn't
> look like a problem, more like a feature.>> The "workaround" I recommend: 
> launch the actual browser, using a
> >> <yourapp>:// link (something like myapplication://tokenDone) as the
> >> return URL. This is a LOT safer for the users.
> > I have the same problem, and I don't see why using a webcontrol is a
> > security problem. Since xauth is the exception, why twitter is making
> > the use of oauth so hard ?
> You should read the article athttp://goo.gl/xI0PZ

Not sure if my previous message get trough.

ok now we know it's insecure. But why removing the page without notice
since it's not easy to deploy a new version of a native application?
We have lived with xAuth (and it's still used by some applications
like full-fledged clients) during several months until oauth was


Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to