[lug] Web crawler advice
Bear Giles
bgiles at coyotesong.com
Tue May 6 06:56:27 MDT 2008
Nate Duehr wrote:
>
> On May 5, 2008, at 10:54 PM, Bear Giles wrote:
>
>> If you want to be eviiiil, join us on the j2ee bench. You have full
>> control of the network connection.
>
>
> (Snicker)... those were fun. I like your style. A mix of "lab
> tester" mentality (hmm, what bounds did the programmer forget to think
> about) and a little "Red Green Show" common sense in there with it.
> Duct tape fixes everything!
>
> Kinda "proves" that web browsers are still pretty "stupid" (versus
> "intelligent") after all these years, don't it? :-)
This morning it occurred to me that google lives forever and I should be
clear that I'm not actually suggesting anyone do this. As you picked up
I'm just pointing out the flip side of the error handling that everyone
should be doing, but few people actually do.
(I take the Fifth on how many I've done accidently.)
The one that still blows my mind is the reported exploit where an <img>
gets a -javascript- object back and executes it! The JS can do nasty
stuff before loading the image after itself. How many people would
think to look for malicious js code coming from an <img> tag?
More information about the LUG
mailing list