Trim, I love your service, but please sanitize your inputs!!

February 5th, 2009 § 0

I was replying to a friend on Twitter using trim, and I had a <script> tag in the post.  I realized when I submitted that the tag made everything after it in my tweet dissapear. If you want to see the actual tweets, you can find them in my twitter feed here: Matt Bernier’s Twitter Feed

First thougt was, “No Way!”.  Second thought was, “What Else Can I do?”.

So, I tried basic HTML with this tweet:

  1. <h2>Testing whether HTML breaks tr.im</h2> B/c my
  2. <script> tag did earlier</script>
  3. <span style="color:blue;"> ScreenShot coming</script>

This got me this result:

Just HTML in the Tweet

Just HTML in the Tweet

Then I tried an alert:

  1. <script type="text/javascript">
  2. alert('does this work?');
  3. </script>

That got me this result:

Javascript Alert in a tweet

Javascript Alert in a tweet

Then lastly, I tried a little more JS, pay attention though. To make it fit, I used a tr.im URL!!

  1. <script type="text/javascript">
  2. document.body.select('img').each(function(e){e.src="http://tr.im/evmz"});
  3. alert('check the images')
  4. </script>

Which got me this result:

Replaced Tr.im's images with Google's!

Replaced Tr.im's images with Google's!

I have submitted this information to tr.im. I did very mundane, topical things to the page I was looking at, and did not even attempt anything more dangerous. My hope is that you will see the humor in this, urge tr.im to fix this issue and to continue the amazing job that they do.

UPDATE: The Tr.im developers are quick to read their emails, respond, and fix issues. It took all of twenty minutes from when I sent the email to them, for a response saying that this issue was fixed.

Sphere: Related Content

Trying out Commission Junction

January 22nd, 2009 § 0

I have had a Commission Junction account for years, but never really had a good place to try it out.  I have something like 2000 advertisers who accepted my sites, mostly because I had grand aspirations to create the single greatest affiliate advertising website on the internet.  Reality hit me upside the head, and I gave up those aspirations of grandeur. Plus, it was a freaking horrible idea.

Anyways, I still have an account with Commission Junction (CJ), so I figured I would try to put some ads up on Failed Proposals.  The site is all about videos and stories of failed wedding proposals. So, it fits that I would want to put wedding related ads on the site.

I found some of my current advertisers who I have approved my sites and I, and I picked a couple for a “Smart Zone”.  A Smart Zone is a feature from CJ, which allows you to group some links together and then use a single piece of JS to display the ads on your site.  I installed this JS and waited, as they say it could take at least 24 hours for the ads to show.

When I came back to the site 2 days later, there were no advertisements showing on the site.  It looked to me like the JS was not working correctly.  I am not sure what the problem was/is really, so I looked for another way to skin this cat.

I remembered the WP-ADS plugin for wordpress, installed it, and inserted the html from CJ in as banners with the location of “header”.  Now, I have to wait again, for a day or a couple of hours (so says CJ) for the ads to show up on the site.

I am hoping that this works, because it would be great to have the ads actually pulling income from the site.

As an added bonus, I also used WP-ADS to place Google Adsense ads into the header and sidebar.

Sphere: Related Content

Where Am I?

You are currently browsing entries tagged with html at Matt Bernier.