Matt Bernier » Matt Bernier – A Denver entrepreneur, Denver WordPress developer, WordPress Plugin creator, and PHP developer http://www.mkbernier.com A Denver entrepreneur, trying to get a project to stick, and talking about people Mon, 23 Jan 2012 16:00:53 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Trim, I love your service, but please sanitize your inputs!! http://www.mkbernier.com/2009/02/05/trim-i-love-your-service-but-please-sanitize-your-inputs/ http://www.mkbernier.com/2009/02/05/trim-i-love-your-service-but-please-sanitize-your-inputs/#comments Fri, 06 Feb 2009 05:25:19 +0000 Matt Bernier http://www.mkbernier.com/?p=189 » Read More]]>

I was replying to a friend on Twitter using trim, and I had a <script> tag in the post.  I realized when I submitted that the tag made everything after it in my tweet dissapear. If you want to see the actual tweets, you can find them in my twitter feed here: Matt Bernier’s Twitter Feed

First thougt was, “No Way!”.  Second thought was, “What Else Can I do?”.

So, I tried basic HTML with this tweet:

  1. <h2>Testing whether HTML breaks tr.im</h2> B/c my
  2. <script> tag did earlier</script>
  3. <span style="color:blue;"> ScreenShot coming</script>

This got me this result:

Just HTML in the Tweet

Just HTML in the Tweet

Then I tried an alert:

  1. <script type="text/javascript">
  2. alert('does this work?');
  3. </script>

That got me this result:

Javascript Alert in a tweet

Javascript Alert in a tweet

Then lastly, I tried a little more JS, pay attention though. To make it fit, I used a tr.im URL!!

  1. <script type="text/javascript">
  2. document.body.select('img').each(function(e){e.src="http://tr.im/evmz"});
  3. alert('check the images')
  4. </script>

Which got me this result:

Replaced Tr.im's images with Google's!

Replaced Tr.im's images with Google's!

I have submitted this information to tr.im. I did very mundane, topical things to the page I was looking at, and did not even attempt anything more dangerous. My hope is that you will see the humor in this, urge tr.im to fix this issue and to continue the amazing job that they do.

UPDATE: The Tr.im developers are quick to read their emails, respond, and fix issues. It took all of twenty minutes from when I sent the email to them, for a response saying that this issue was fixed.

Sphere: Related Content

]]> http://www.mkbernier.com/2009/02/05/trim-i-love-your-service-but-please-sanitize-your-inputs/feed/ 0 Today’s twitter posts http://www.mkbernier.com/2009/01/29/todays-twitter-posts-11/ http://www.mkbernier.com/2009/01/29/todays-twitter-posts-11/#comments Fri, 30 Jan 2009 06:59:59 +0000 Matt Bernier http://www.mkbernier.com/2009/01/29/todays-twitter-posts-11/ » Read More]]>
  • welcome to twitter @nakedguyinurpool #
  • uhh…scratch that last tweet. Should be “welcome to twitter @nakedguynurpool” #
  • trying out url highlighting in twitter mycityheadlines.com #
  • one more: http://www.mycityheadlines.com #
  • TinyURL has an API http://www.scripting.com/stories/2007/06/27/tinyurlHasAnApi.html #
  • Pandora please keep your coldplay out of my playlists #
  • altitude is a disgusting misspelling of latitude #
  • @chriseaster The best part of the story was the last 4 lines: “Must have been a slow work day, huh?” #
  • Thank you post office staff for being rude, and for making fun of me. I really appreciate it. #
  • why is my first thought “fight” when my body is already in “flight”?? #
  • @ctshryock @charlesmhudson For fear of repercussions of people literally going “postal” I am keeping my twitter feed quiet of that story #

Powered by Twitter Tools.

Sphere: Related Content

]]> http://www.mkbernier.com/2009/01/29/todays-twitter-posts-11/feed/ 0