How much do you know about the humble <title> tag? It has been there since the earliest HTML specification. The 1995 spec says: There may only be one title in any document. It should identify the content of the document in a fairly wide context. It may not contain anchors, paragraph marks, or highlighting. Remarkably…
Continue reading →
(This isn’t really a security issue, although I’ve disclosed it to the Twitter team.) “Fuzzing” is a computer science term which means “sending weird data into a program and seeing what happens.” It’s a useful way to see how your code can break in new and unexpected ways. It’s particularly good at showing what a…
Continue reading →
An annoying privacy violation from leading email newsletter company MailChimp. Responsibly disclosed on 2017-12-04. When you click a link on a webpage or an email, your browser opens up that link and sends the newly visited webpage a Referer Header. (The misspelling is a historical artefact.) This says “Hello new site, I was referred here…
Continue reading →
This is a sketch of a proposal for a new HTML element to simplify displaying maps on a website. I’d like your comments and criticisms before I submit it. This is born out of my frustration of using different JavaScript mapping solutions – my phone has a mapping app, why do I need to share…
Continue reading →
We’ve all been faced with this screen, right? You haven’t logged in to a website for a while, so it prompts you to change your password. sigh Annoying but probably necessary. The problem was, every time I tried to change my password, it told me that my old password was invalid. The one that I’d…
Continue reading →
Here’s a fun little game for all the family! What is the minimum number of characters required to perform a successful XSS attack? Let’s take an entirely theoretical example – suppose we have a site which echos back user input without sanitising it. So a search for ” <em>” turns the whole page italic. *ahem*…
Continue reading →
Just a couple of silly experiments on a Sunday afternoon. I think it’s beautiful to overly animated GIFs on top of one another. If the topmost GIF has a transparent background it becomes hypnotic to see the synchronisity which appears to develop – akin to listening to Dark Side of the Moon while the Wizard…
Continue reading →
Imagine, just for a moment, you were a computer. Take a look at the following sentence and try to work out where and how you should hyperlink the text. He said “You should visit http://example.com/!” Obvious, isn’t it? Except, of course, it’s not really that simple. There could well be a file named “!” on…
Continue reading →
In October, I was interviewed in Econsultancy about the BBC’s new “responsive” website. I said: The BBC’s mobile site is fairly responsive. If you view it on different sized phones and tablets it adapts quite well. But it is an entirely separate site from the main BBC news site. The BBC are doing device detection…
Continue reading →Image adaptation and resizing is a hot topic at the moment. With devices of varying screensize accessing your site, how do you ensure that the crappy 240*240 phone gets a reasonable experience while still making everything look gorgeous on the retina-busting iPad? One of the very first things we’re taught in HTML school is that…
Continue reading →