Josiah
Male
37 years old
NY, New York
United States



Last Login: 2/15/2008

     Josiah's Details
Status: Single
Zodiac Sign: Capricorn




   Josiah's Blurbs
About me:
CLICK HERE IF YOU LOVE YOUR MOM
Who I'd like to meet:

I'd like to meet the people who made this crappy site.

The people who coded this site have the programming skills of a first grader. I cannot begin to describe how horrible the technology is.

The JavaScript filter is just one example that illustrates how asinine the coding is. How about creating a real parser instead of something that just searches and replaces dirty words? Of course our first grade programmers might have to make it to the eighth grade before they are proficient enough to do so.

Here is a simple example of why the filter system is impossible to maintain. foo.innerHTML is the same as foo['innerHTML']. The latter string can be broken into many pieces. How are you going to detect that? The current MySpace method would be just to eliminate the ability to type the letters i, n, e, r, H, T, M, and L. That would do it! Of course you could no longer spell a lot of your favorite words, but you already cannot say innerHTML in plain text without MySpace thinking you swore. ("innerHTML" is always supposed to turn into "..", but they cannot even get that right.)

So what's the big deal with allowing people to insert JavaScript? Nothing, if you don't care about worms that run commands automatically for unsuspecting victims.

How can you avoid JavaScript while still allowing HTML? First, there's the lazy man's method: just invent your own "bbcode" or wiki syntax. Of course, this would potentially prevent people from making those profiles that are so ungodly ugly that you want to poke your eyes out.

Another method would be to actually parse the HTML like a real browser would. I know, it's clever. First normalize the document to take care of whitespace and special entities. Build a document node. Then compare that to a white list of allowed tags and attributes (even down to the styles).
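
The parse-then-allowlist approach described above, as an added example (not code from the original page or from MySpace), built on Python's standard html.parser. The tag, attribute, URL-scheme and style allowlists and the names `sanitize`, `clean_url` and `clean_style` are assumptions chosen for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed allowlist: tag -> permitted attributes. Anything not listed is dropped.
ALLOWED = {"a": {"href"}, "b": set(), "p": {"style"}, "span": {"style"}, "img": {"src", "alt"}}
VOID, DROP_CONTENT = {"img"}, {"script", "style"}
SAFE_SCHEMES, SAFE_STYLE = {"http", "https"}, {"color", "font-weight", "text-align"}

def clean_url(value):
    # Browsers ignore whitespace and control characters in a scheme, so strip them first.
    compact = "".join(ch for ch in value if ch > " ")
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", compact)
    return compact if not m or m.group(1).lower() in SAFE_SCHEMES else None

def clean_style(value):
    # Values may not contain parentheses or backslashes: no url(), no expression().
    decls = (tuple(p.strip() for p in d.partition(":")) for d in value.split(";"))
    return "; ".join(f"{p.lower()}: {v}" for p, _, v in decls
                     if p.lower() in SAFE_STYLE and re.fullmatch(r"[A-Za-z0-9#%., -]+", v))

CLEANERS = {"href": clean_url, "src": clean_url, "style": clean_style}

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities are decoded before any check
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in DROP_CONTENT
        if self.skip or tag not in ALLOWED:
            return
        # Unlisted attributes (onclick, onerror, ...) are never copied to the output.
        cleaned = ((n, CLEANERS.get(n, str)(v or "")) for n, v in attrs if n in ALLOWED[tag])
        kept = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in cleaned if v)
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append("" if self.skip else escape(data, quote=False))

def sanitize(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()  # flush any buffered text
    return "".join(parser.out)
```

The output contains only allowlisted tags and attributes, but it is not rebalanced, so tags left unclosed in the input stay unclosed.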

So News Corp, you already coughed up some $600 million for the site, how about hiring some competent programmers? Whenever people inform your support team of vulnerabilities, they are just ignored. For starters, I could write you a working HTML filter. You have my e-mail.

The JavaScript on this page is just for fun.

For the love of all good things, don't be an idiot and try to write the next MySpace JS virus. First, it's incredibly juvenile, and more importantly, you'll just land yourself in jail with a bunch of murderers and rapists.

Also, no matter how hard you analyze the source to this page, you won't learn how to make a JS virus. If you have the skills to make a JS virus, you definitely aren't going to need to have someone else show you how to insert it into your profile.

But if you want to make your crappy profile even more annoying, then go ahead and try to insert some flying mouse trail and bouncing text scripts.

And most importantly, who knows how many profiles are invisibly stealing your data right now? MySpace doesn't care enough to fix the problem in a timely manner. So I would be pretty careful regarding what kind of information you place in seemingly "private" areas of the site. You cannot really know who has access to it.

:)



©2003-2009 MySpace.com. All Rights Reserved.