見た目の上で、隠されているフィールドに対しても自動入力してしまうという問題が話題になっている(2017年1月)
のだけれど、この問題の歴史はとても古い。自分も調査したり問題を報告したりしているので、振り返ってみる。
2012年4月のShibuya.XSS #1 https://atnd.org/events/25689 で、Hamachiya2が発表した
Junya Ogino ogijun
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <head><meta charset="UTF-8"> | |
| <title>Tweets by mootastic</title> | |
| </head><body> | |
| <h1>Tweets by mootastic</h1> | |
| <ol> | |
| <li id="1372720610531450884"><strong>2021-03-19 01:32 (Fri) +0900</strong> | |
| <p>「なぜ宇宙飛行士はLinuxを使うのかって? そりゃ宇宙じゃウインドウを開けないからさ!」 <a href="http://pbs.twimg.com/media/EwziGW0VcAIyN2K.png">http://pbs.twimg.com/media/EwziGW0VcAIyN2K.png</a> | |
mala
/ autofill_ui.md
Last active
January 19, 2017 07:02
暮らしに役立つITコラム ChromeやSafariの自動入力機能が、なぜ「悪いデザイン」なのか
takahashim
/ cross2014-compbook-in-future.md
Last active
January 3, 2016 11:19
http://www.cross-party.com/programs/book/
- The Pragmatic Bookshelf http://pragprog.com/
- no starch press http://www.nostarch.com/
- Packt Publishing http://www.packtpub.com/
- Lulu.com http://www.lulu.com/
- フィードを更新するためのAPIがあると便利です
- クローラを別ホストで動かしたり、別言語で書いたり、特殊用途向けのクローラが書きやすくなります。
- 管理者向けメリット: クロールを外部サービスに分離できる
- ユーザー向けメリット: APIに直接POSTしてフィードじゃないものを読めるようになる
- サイト運営者向け: 将来的なこと考えるとフィードを各々好き勝手クロールする状況は効率が悪い → 更新のタイミングでPush
- Bloglinesには専用のメールアドレスを発行してそこにメール送るとフィードとして読めるみたいな機能があった。
- メール送る → 読める シンプルで万国共通、でもSMTPは面倒くさい
makoto
/ gist:4018340
Created
November 5, 2012 17:05
— forked from seki/gist:4010665
dRubyConf draft
niw
/ MIT-LICENSE.txt
Created
August 25, 2012 12:48
Toggle Host AP Mode on Mac OS X, Using undocumented APIs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Copyright (C) 2012 Yoshimasa Niwa | |
| Permission is hereby granted, free of charge, to any person obtaining | |
| a copy of this software and associated documentation files (the | |
| "Software"), to deal in the Software without restriction, including | |
| without limitation the rights to use, copy, modify, merge, publish, | |
| distribute, sublicense, and/or sell copies of the Software, and to | |
| permit persons to whom the Software is furnished to do so, subject to | |
| the following conditions: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| load "login.rb" | |
| def cleanup!(hash) | |
| hash.keys.each do |key| | |
| hash.delete(key) if [nil, false, 0].include?(hash[key]) | |
| end | |
| end | |
| (1..Float::INFINITY).lazy | |
| .flat_map{|page| |
kazuho
/ fizzbuzz.js
Created
August 9, 2012 03:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fizz = function f() { | |
| fizz = function () { | |
| fizz = function () { | |
| fizz = f | |
| return "Fizz" | |
| } | |
| } | |
| } | |
| buzz = function f() { |
authorNari
/ gist:2823121
Created
May 29, 2012 07:31
NewerOlder