Supposedly there are a couple of methods of blocking Twitters JavaScript but I can't find the page anymore. My recollection is they mostly relied on vulnerabilities in IE... Kind of ironic actually. I would not recommend this method as it probably could get you banned from Twitter.
On Sun, Feb 15, 2009 at 12:11, John Adams <j...@twitter.com> wrote: > > Actually, forcing an app to use the API is better for Twitter. You get the > data directly, and the system doesn't spend any time rendering the HTML. > Less data from us = less time tying up server resources. > > There's no reason why you can't write a small amount of code to fetch a > user's Tweets and display them in an IFRAME in the same way that you've > described, with your site as the IFRAME's source. > > There were few options to defend against clickjacking. Denying IFRAMEs and > preventing authenticated sessions from opening in them (when part of another > page) was our best defense. > > -john > > > On Feb 15, 2009, at 8:18 AM, Shannon Whitley wrote: > > >> I hope Twitter will reconsider these changes. With My Tweeple, I was >> able to provide a preview of a user's updates by displaying the page >> in an iframe. It was very convenient for the user to review someone's >> tweets before deciding to follow someone. It also appears that >> Twummize.com no longer works (one of my favorite simple mashups of >> Twitter and Twitter Search). Forcing an app to hit the API to >> recreate a page that already exists on Twitter.com seems like a bad >> thing for Twitter. >> >> On Feb 13, 3:10 pm, Cameron Kaiser <spec...@floodgap.com> wrote: >> >>> Because if the click-jacking incident yesterday it seems you've added >>>> >>> >>> something like: >>>> >>> >>> //<![CDATA[ >>>> twttr.form_authenticity_token = >>>> '966f6780e3bb206fe5f451d9ea40407f6532277f'; >>>> if (window.top !== window.self) { setTimeout(function() >>>> {document.body.innerHTML='';},1);window.self.onload=function(evt) >>>> {document.body.innerHTML='';};} >>>> //]]> >>>> >>> >>> Which I guess fixes the click-jack problem but now our app at >>>> http://topichawk.com/is broken because we use an iFrame in a harmless >>>> way to display tweets. Is there a process to keep our site from being >>>> treated like a spammer? >>>> >>> >>> Twitter doesn't support using <iframe>s and anything you had working >>> before >>> was almost certainly by accident. You're going to have to code something >>> up >>> that queries the API. >>> >>> -- >>> ------------------------------------ personal: >>> http://www.cameronkaiser.com/-- >>> Cameron Kaiser * Floodgap Systems *www.floodgap.com* >>> ckai...@floodgap.com >>> -- The faster we go, the rounder we get. -- The Grateful Dead, on >>> relativity --- Hide quoted text - >>> >>> - Show quoted text - >>> >> > -- Abraham Williams | http://the.hackerconundrum.com Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from: Madison Wi United States.