Today | RSS | RDF | Atom | Other
 
Advanced Search
Eric's weblog
Weird Thoughts From Eric's Head

Tags - Categories : All | AJAX | BUSINESS | PERSONAL | PROGRAMMING | BOOK REVIEW
June 2006
SunMonTueWedThuFriSat
     1  2  3 
 4  5  6  7  8  9  10 
 11  12  13  14  15  16  17 
 18  19  20  21  22  23  24 
 25  26  27  28  29  30  
May  |  Today  |  Jul

Recent Blog Entries
Google Chrome Debugger

Co-Author of Ajax In Action Ajax In Action

Recent Responses
Re: Make innerText compatiable
A better way to do this now is: if(document.all){ document.getElementB...

Re: The responseXML is null or has an error.
Another problem that can screw up your XML response when it is generated by PHP code is when you make a call to a PHP function that reports a warning such as the mail function does when there is a problem with the mail set up. You can suppress these wa...

Other Blogs
Dave Crane
Val's Blog
Dirk's Blog
Nate's weblog
Ajith Kallambella
Lasse's weblog
Gregg's Weblog
Hershey's Blog
My Cave Online
Bounces amongst neurons
Six Sides To A Box
Jia Yo!
Moose in Headlights
Unresolved References
This That and The Other...
Just My Thoughts
Balaji's blog
Java Ranch Book Reviews
Corey's SCJP Tipline, etc.
JavaRanch News
Eric's weblog
Barry's weblog
Mike Curwen's Blog
David's blog
In through the out door
Frank Carver's weblog
Peabody's
Uncontrolled Vocabularies
The Bear Den
I've Been Wondering...
Simon Brown
Permalink
[AJAX] [PROGRAMMING] Will Ajax get another bad rap? Yahoo worm

Will Ajax get another bad rap? Yahoo worm

Just like the Sammy worm attacked MySpace last October another JavaScript flaw in Yahoo email is using the good ole XHR object to grab a users address book and use another technique to send the list of emails to another remote server. Want to see the code look here and you will see the famous lines that look for 4 and 200 with the XHR object!

Now this is why I stress in every single one of my talks about making sure your code does not allow JavaScript injection if you are displaying user input! I even have had interviews (one example) where I stress that you need to do checks. If something this big can affect a company like yahoo, imagine what it can do to your site.



Eric Pascarello
Coauthor of Ajax In Action
Moderator of HTML/JavaScript at www.JavaRanch.com
Author of: JavaScript: Your Visual Blueprint for building Dynamic Web Pages

TrackBacks[0] Comments[3] Posted by pascarello on June 13, 2006 9:50:32 AM EST
Permalink
[AJAX] [PROGRAMMING] pacsnet talk in philly

pacsnet talk in philly

My talk in Philly (http://www.pacsnet.org/) on Saturday went very well. I have not heard a group laugh so much before. My wife says that I am not funny, but this group thought I was. LOL

For anyone that is looking for the files of the presentation, I will try to post them tonight or tomorrow. Thanks for attending the two sessions I did there. I enjoyed talking and answering your questions. It was the first time I did my general overview on Ajax talk and you guys made it easy for me to cover the material.



Eric Pascarello
Coauthor of Ajax In Action
Moderator of HTML/JavaScript at www.JavaRanch.com
Author of: JavaScript: Your Visual Blueprint for Dynamic Web Pages

TrackBacks[1] Comments[0] Posted by pascarello on June 12, 2006 12:25:35 PM EST
Permalink
[AJAX] [PROGRAMMING] Ajax Talks in the Next Week
Philadelphia and Northern Virgina

Just thought I would mention that I have two talks doing up in case you do not have Manning's calendar (http://manning.com/calendar/#Jun) as your homepage.

Tomorrow (06/10/2006) I will be speaking in Philadelphia. I will be talking in two different times. The first talk will be a general overview on what Ajax is, benefits, and other information. Basically it is what I would say to a non technical manager to get them interested. The second talk is my 2 hour look into what makes up the XMLHttpRequest Object (low level approach) and a breif intro to OO JavaScript with Ajax. Site: http://www.pacsnet.org/

On Tuesday Evening of next week (06/13/2006) I will be speaking in Reston, Virgina at NOVAJUG. There I will be doing my long talk into what makes up the XMLHttpRequest Object and a breif intro to OO JavaScript. This is the normal low level look into Ajax. Site: http://www.novajug.com:8080/

If you know of any other user groups in the area, I am always looking to talk. Far drives require it to be on the weekend since this guy is running out of vacation days!



Eric Pascarello
Coauthor of Ajax In Action
Moderator of HTML/JavaScript at www.JavaRanch.com
Author of: JavaScript: Your Visual Blueprint for Dynamic Web Pages

TrackBacks[0] Comments[0] Posted by pascarello on June 9, 2006 9:32:13 AM EST
Powered by Pebble 1.9.1 [ Login ] Content © Eric Pascarello