Matt Bernier » Matt Bernier – A Denver entrepreneur, Denver WordPress developer, WordPress Plugin creator, and PHP developer http://www.mkbernier.com A Denver entrepreneur, trying to get a project to stick, and talking about people Mon, 23 Jan 2012 16:00:53 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Trim, I love your service, but please sanitize your inputs!! http://www.mkbernier.com/2009/02/05/trim-i-love-your-service-but-please-sanitize-your-inputs/ http://www.mkbernier.com/2009/02/05/trim-i-love-your-service-but-please-sanitize-your-inputs/#comments Fri, 06 Feb 2009 05:25:19 +0000 Matt Bernier http://www.mkbernier.com/?p=189 » Read More]]>

I was replying to a friend on Twitter using trim, and I had a <script> tag in the post.  I realized when I submitted that the tag made everything after it in my tweet dissapear. If you want to see the actual tweets, you can find them in my twitter feed here: Matt Bernier’s Twitter Feed

First thougt was, “No Way!”.  Second thought was, “What Else Can I do?”.

So, I tried basic HTML with this tweet:

  1. <h2>Testing whether HTML breaks tr.im</h2> B/c my
  2. <script> tag did earlier</script>
  3. <span style="color:blue;"> ScreenShot coming</script>

This got me this result:

Just HTML in the Tweet

Just HTML in the Tweet

Then I tried an alert:

  1. <script type="text/javascript">
  2. alert('does this work?');
  3. </script>

That got me this result:

Javascript Alert in a tweet

Javascript Alert in a tweet

Then lastly, I tried a little more JS, pay attention though. To make it fit, I used a tr.im URL!!

  1. <script type="text/javascript">
  2. document.body.select('img').each(function(e){e.src="http://tr.im/evmz"});
  3. alert('check the images')
  4. </script>

Which got me this result:

Replaced Tr.im's images with Google's!

Replaced Tr.im's images with Google's!

I have submitted this information to tr.im. I did very mundane, topical things to the page I was looking at, and did not even attempt anything more dangerous. My hope is that you will see the humor in this, urge tr.im to fix this issue and to continue the amazing job that they do.

UPDATE: The Tr.im developers are quick to read their emails, respond, and fix issues. It took all of twenty minutes from when I sent the email to them, for a response saying that this issue was fixed.

Sphere: Related Content

]]> http://www.mkbernier.com/2009/02/05/trim-i-love-your-service-but-please-sanitize-your-inputs/feed/ 0