Supposedly there are a couple of methods of blocking Twitter's JavaScript but
I can't find the page anymore. My recollection is they mostly relied on
vulnerabilities in IE... Kind of ironic actually. I would not recommend this
method as it probably could get you banned from Twitter.

On Sun, Feb 15, 2009 at 12:11, John Adams <j...@twitter.com> wrote:

>
> Actually, forcing an app to use the API is better for Twitter. You get the
> data directly, and the system doesn't spend any time rendering the HTML.
> Less data from us = less time tying up server resources.
>
> There's no reason why you can't write a small amount of code to fetch a
> user's Tweets and display them in an IFRAME in the same way that you've
> described, with your site as the IFRAME's source.
>
> There were few options to defend against clickjacking. Denying IFRAMEs and
> preventing authenticated sessions from opening in them (when part of another
> page) was our best defense.
>
> -john
>
>
> On Feb 15, 2009, at 8:18 AM, Shannon Whitley wrote:
>
>
>> I hope Twitter will reconsider these changes.  With My Tweeple, I was
>> able to provide a preview of a user's updates by displaying the page
>> in an iframe.  It was very convenient for the user to review someone's
>> tweets before deciding to follow someone.  It also appears that
>> Twummize.com no longer works (one of my favorite simple mashups of
>> Twitter and Twitter Search).  Forcing an app to hit the API to
>> recreate a page that already exists on Twitter.com seems like a bad
>> thing for Twitter.
>>
>> On Feb 13, 3:10 pm, Cameron Kaiser <spec...@floodgap.com> wrote:
>>
>>>> Because of the click-jacking incident yesterday it seems you've added
>>>> something like:
>>>>
>>>> //<![CDATA[
>>>>      twttr.form_authenticity_token =
>>>> '966f6780e3bb206fe5f451d9ea40407f6532277f';
>>>>    if (window.top !== window.self) { setTimeout(function()
>>>> {document.body.innerHTML='';},1);window.self.onload=function(evt)
>>>> {document.body.innerHTML='';};}
>>>> //]]>
>>>>
>>>> Which I guess fixes the click-jack problem but now our app at
>>>> http://topichawk.com/ is broken because we use an iFrame in a harmless
>>>> way to display tweets.  Is there a process to keep our site from being
>>>> treated like a spammer?
>>>>
>>> Twitter doesn't support using <iframe>s and anything you had working before
>>> was almost certainly by accident. You're going to have to code something up
>>> that queries the API.
>>>
>>> --
>>> ------------------------------------ personal: http://www.cameronkaiser.com/ --
>>>  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
>>> -- The faster we go, the rounder we get. -- The Grateful Dead, on relativity --
>>>
>>
>


-- 
Abraham Williams | http://the.hackerconundrum.com
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from: Madison Wi United States.
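
Added example, not part of the thread and not Twitter's code: the same "deny IFRAMEs" policy expressed as HTTP response headers (X-Frame-Options and CSP frame-ancestors), which the browser enforces without relying on script running inside the framed page. This goes beyond the inline frame-busting script quoted above; the function names, the simplified browser model in mayBeFramed, and all *.example origins are assumptions made for illustration.

```javascript
// Build anti-framing response headers for a page.
// policy: 'deny' | 'sameorigin' | non-empty array of allowed parent origins.
function framingHeaders(policy) {
  if (policy === 'deny') {
    return { 'X-Frame-Options': 'DENY',
             'Content-Security-Policy': "frame-ancestors 'none'" };
  }
  if (policy === 'sameorigin') {
    return { 'X-Frame-Options': 'SAMEORIGIN',
             'Content-Security-Policy': "frame-ancestors 'self'" };
  }
  if (Array.isArray(policy) && policy.length > 0) {
    for (const o of policy) {
      const u = new URL(o); // throws on malformed input
      // Require a bare https origin: no path, query or trailing slash.
      if (u.origin !== o || u.protocol !== 'https:') {
        throw new Error('not a bare https origin: ' + o);
      }
    }
    // X-Frame-Options cannot express an allow-list, so CSP carries it alone.
    return { 'Content-Security-Policy': 'frame-ancestors ' + policy.join(' ') };
  }
  throw new TypeError('unknown framing policy');
}

// Simplified model of the browser's decision, useful for testing a policy.
// ancestors: origins of every frame above the page ([] = top-level load).
function mayBeFramed(headers, pageOrigin, ancestors) {
  const csp = headers['Content-Security-Policy'];
  const m = csp && /(?:^|;)\s*frame-ancestors\s+([^;]+)/.exec(csp);
  if (m) {
    // When frame-ancestors is present it takes precedence over X-Frame-Options.
    const sources = m[1].trim().split(/\s+/);
    if (sources.includes("'none'")) return ancestors.length === 0;
    return ancestors.every(a =>
      sources.some(s => (s === "'self'" ? a === pageOrigin : s === a)));
  }
  const xfo = (headers['X-Frame-Options'] || '').toUpperCase();
  if (xfo === 'DENY') return ancestors.length === 0;
  if (xfo === 'SAMEORIGIN') return ancestors.every(a => a === pageOrigin);
  return true; // no policy at all: any site may frame the page
}
```
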