Building a physical <blink> tag!

by @edent | 26 comments | Read ~1,370 times.

This is the latest of my many terrible lockdown-induced ideas. I'm saving money on commuting. So I'm spending it on tech-crap I really don't need. I bought a new laptop sticker. Anyway, enough waffle, here's the end result: This uses 2-frame lenticular printing. History No browser supports the <blink> element any more. It used to…

Building an "On This Day" site for your Twitter Account

by @edent
Several columns of Tweets. Each one from a previous year.

I wanted to see what I was Tweeting on this exact day last year. And all the years before. So I built a website! It's a disgusting hack, and I'm truly sorry for unleashing it on you. Using the API You can't. The Twitter search API only goes back 7 days. This whole idea would…

Stop adding email tracking links to phone numbers!

by @edent | 6 comments | Read ~8,773 times.
Gmail showing the tel URL scheme of a link with extra tracking information in it.

My Chinese takeaway delivery was late. Very late. I flipped open the confirmation email sent by Just-Eat to double-check I had all the details correct. At the bottom was a "click to call" link. Hurrah! I clicked dial, and this is what filled my screen: An absurdly long phone number. Bemused, I went to inspect…

The future of the web, isn't the web

by @edent | 9 comments | Read ~5,058 times.
A fist emerges from a computer screen and punches the user.

My friends, and former employers, at the Government Digital Service have written a spectacularly good blog post "Making GOV.UK more than a website". In it, they describe how adding Schema.org markup to their website has allowed search engines to extract semantic content and display it to a user. For example, the "Learn to drive" page…

Limitations of HTML's title element

by @edent | 7 comments | Read ~221 times.
The raw HTML displays in the tab.

How much do you know about the humble <title> tag? It has been there since the earliest HTML specification. The 1995 spec says: There may only be one title in any document. It should identify the content of the document in a fairly wide context. It may not contain anchors, paragraph marks, or highlighting. Remarkably…

A curious way to break Twitter's search results

by @edent | Read ~175 times.
Screenshot of a tweet. The HTML is malformed.

(This isn't really a security issue, although I've disclosed it to the Twitter team.) "Fuzzing" is a computer science term which means "sending weird data into a program and seeing what happens." It's a useful way to see how your code can break in new and unexpected ways. It's particularly good at showing what a…

MailChimp leaks your email address

by @edent | 7 comments | Read ~4,343 times.
Change email address page with obscured email address

An annoying privacy violation from leading email newsletter company MailChimp. Responsibly disclosed on 2017-12-04. When you click a link on a webpage or an email, your browser opens up that link and sends the newly visited webpage a Referer Header. (The misspelling is a historical artefact.) This says "Hello new site, I was referred here…

Mapping in HTML - a proposal for a new element

by @edent | 17 comments | Read ~4,897 times.
Two men are confused by a paper map

This is a sketch of a proposal for a new HTML element to simplify displaying maps on a website. I'd like your comments and criticisms before I submit it. This is born out of my frustration of using different JavaScript mapping solutions - my phone has a mapping app, why do I need to share…

How *not* to do a password change page

by @edent | 3 comments | Read ~349 times.

We've all been faced with this screen, right? You haven't logged in to a website for a while, so it prompts you to change your password. sigh Annoying but probably necessary. The problem was, every time I tried to change my password, it told me that my old password was invalid. The one that I'd…

Minimum Viable XSS

by @edent | Read ~2,091 times.

Here's a fun little game for all the family! What is the minimum number of characters required to perform a successful XSS attack? Let's take an entirely theoretical example - suppose we have a site which echoes back user input without sanitising it. So a search for " <em>" turns the whole page italic. *ahem*…
