Posts tagged with "Websites"
RSS: there's nothing better

“An RSS feed? That’s so 2007!” “Well then what do you suggest instead?” “Everyone gets their updates through their Facebook feeds these days! Just make a Facebook page!” “That sounds great! Then half of my subscribers will see half of my updates, during weeks in which Zuckerberg chooses to weigh the algorithms more towards news and less towards friends’ photos. Also everyone has to have a Facebook account.” “Yeah, okay, point made. Twitter is better anyway: it’s totally public, doesn’t force people to sign in to see feeds, and its feeds aren’t subject to...

Moving to a static site

As of today, this site is no longer powered by the Ghost blogging engine. Before today, this blog was a web application with a database and a complex application server with a lot of moving parts. Now it is a bunch of .html files. These files are generated by Hugo, a static site generator. Apart from a few unrelated CSS changes, you shouldn’t really notice a difference – although now you have to navigate to different pages to see different taglines, rather than just refreshing the front page....

End of Year Two

I started this blog on the 7th of April 2014, exactly two years ago. Exactly one year ago I did a retrospective post, so I figured it was about time for another. In that post, I mentioned how part of the aim of this blog has been to avoid self-indulgence – while I obviously write about things that I like and am interested in, using a style that’s enjoyable for me, I also try to make each article have some sort of external point and avoid...

Notes on contentEditable and HTML injection

In the bad old days, all user-supplied text in a web page was entered using one or other form element, input for short texts such as names, and textarea for texts that may span multiple lines, such as comments or user feedback. These elements, while extremely useful and serviceable, didn’t always fit in with the webpages they occupied, and had no capacity for WYSIWYG editing of formatted text. But now, using the contentEditable attribute (one of HTML5’s many innovations) almost any element on the page can be used for user-supplied...

Notes on CSRF and the ASP.NET ViewState

In principle, Cross-Site Request Forgery is a pretty straightforward kind of website vulnerability. Easy to test, common, and not trivial, but also not very severe. I send a request to a website to perform some action on my behalf. The website understands the action I want to perform by the data contained in my request: which URL it’s going to and what GET or POST parameters it’s carrying. It understands who I am by looking at my session cookie, a separate piece of data which I get when I log on and...