Hello Twitter,

Any official word on this apparent vulnerability around the Source parameter and cross site scripting?

http://www.davidnaylor.co.uk/massive-twitter-cross-site-scripting-vulnerability.html

TCI

On Aug 22, 9:46 am, Chad Etzel <jazzyc...@gmail.com> wrote:
> Hi All,
>
> We did not intend for the nofollow string to be included in API
> results. It is on our list to fix. In the meantime you will need to
> parse around it.
>
> Thanks,
> -Chad
>
> On Sat, Aug 22, 2009 at 11:20 AM, Costa Rica<ticoconid...@gmail.com> wrote:
>
> > Thanks to all for your suggestions on how to parse, remove nofollows
> > or extract the URL, but that's not the bottom line of my message. There
> > are some source parameters that are posting automated crap constantly,
> > and since I run a trending engine I continuously exclude these tweets.
> > Yes I can parse and str replace and even base myself only on the URL,
> > but the 2 side effects are that my processing time increases (a simple
> > string compare vs a regex) - which becomes significant as I increase
> > the volume I intend to process, and that the URLs themselves can
> > easily change to work around these filters.
> > I will keep my simple compare - the sites are not that many and the
> > processing toll of regex'ing this does not merit it - but I would
> > appreciate some word from Twitter when the source parameter is being
> > changed, or else some sourceid that is stable.
> > R
>
> > On Aug 21, 10:17 pm, TCI <ticoconid...@gmail.com> wrote:
> >> Recently you added nofollows, and now you moved the nofollow after
> >> the href. Some of us filter these out and you changing them is only
> >> making it more complicated. Please make up your mind and stop changing
> >> these...
>
> >> <a href="http://fun140.com/">Fun140</a>
>
> >> <a rel="nofollow" href="http://fun140.com/">Fun140</a>
>
> >> <a href="http://fun140.com/" rel="nofollow">Fun140</a>
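The three anchor forms quoted in this thread differ only in attribute order, so normalizing the `source` field with an HTML parser yields one stable key for a simple compare and lets a consumer rebuild the link instead of echoing upstream markup. This is an added example, not part of the original thread or Twitter's code; `parse_source`, `render_source`, `is_excluded` and the `EXCLUDED` entry are hypothetical names, and it assumes the field arrives as either an HTML anchor or plain text and is untrusted.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _SourceAnchor(HTMLParser):
    """Record the first <a> tag's href and text; all other markup is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.seen_anchor = self.in_anchor = False
        self.href = None
        self.anchor_text, self.all_text = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a" and not self.seen_anchor:
            self.seen_anchor = self.in_anchor = True
            # First href wins, matching how browsers treat duplicates.
            self.href = next((v for k, v in attrs if k == "href"), None)

    def handle_endtag(self, tag):
        if tag == "a":
            self.in_anchor = False

    def handle_data(self, data):
        self.all_text.append(data)
        if self.in_anchor:
            self.anchor_text.append(data)

def parse_source(source):
    """Return (name, url); url is None unless it is an http(s) link."""
    p = _SourceAnchor()
    p.feed(source)
    p.close()
    name = "".join(p.anchor_text if p.seen_anchor else p.all_text).strip()
    url = (p.href or "").strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        scheme = ""
    return name, (url if scheme in ("http", "https") else None)

def render_source(source):
    """Rebuild the link from parsed parts so no upstream markup is echoed."""
    name, url = parse_source(source)
    if url is None:
        return escape(name)
    return '<a href="%s" rel="nofollow">%s</a>' % (escape(url), escape(name))

# Hypothetical exclusion list keyed on the normalized pair (constructed entry).
EXCLUDED = {("Fun140", "http://fun140.com/")}
def is_excluded(source):
    return parse_source(source) in EXCLUDED
```

The set lookup keeps the per-tweet cost close to the plain string compare described in the thread, and the key does not change when attributes are added or reordered.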