Thursday, June 16, 2011


Browse the link and log on, if you have an account with them.
So they have "fixed" the client-side problem

and kept the more serious
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') still open ?

nice ....

Tuesday, June 14, 2011 and comments

Can we (mis)USE this somehow ?
Generated from data/head-home.php, ../../smarty/{head.tpl} 
 Generated from data/mast-home.php, ../../smarty/{mast.tpl} 
 #w3c_mast / Page top header 
 w3c_sec_nav is populated through js 
 Main navigation menu 
 /end #w3c_mast 
 end events talks 
 end main content 

    <div id="w3c_home_video">
      <h2 class="category">
        <a href="/participate/podcastsvideo">Featured Video
            <img src="/2008/site/images/header-link.gif" alt="Header link" width="13" height="13" class="header-link"/>
 end main col 
 Generated from data/footer.php, ../../smarty/{footer-block.tpl} 
 #footer address / page signature 
 /end #footer 
 Generated from data/scripts.php, ../../smarty/{scripts.tpl} 
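
A build-time check for the kind of leftovers listed above, as an added example (not from the original post or the W3C site). It assumes those lines were HTML comments in the served page; the rule names, patterns and sample markup are made up for illustration.

```javascript
// Added example: flag HTML comments that disclose server-side build details.
// The rule names and patterns are assumptions chosen for this illustration.
const LEAK_RULES = [
  { name: "server-script", re: /[\w.\/-]+\.(?:php|jsp|aspx?|cgi|pl|py)\b/i },
  { name: "template-file", re: /[\w.\/{}-]+\.tpl\b/i },
  { name: "path-traversal", re: /\.\.\// },
];

// Return one finding per comment that matches at least one rule.
function findLeakyComments(html) {
  const findings = [];
  const commentRe = /<!--([\s\S]*?)-->/g;
  let m;
  while ((m = commentRe.exec(html)) !== null) {
    const text = m[1].trim();
    const rules = LEAK_RULES.filter((r) => r.re.test(text)).map((r) => r.name);
    if (rules.length > 0) {
      // 1-based line number of the comment start, for the build report.
      const line = html.slice(0, m.index).split("\n").length;
      findings.push({ line, rules, text });
    }
  }
  return findings;
}

// Drop flagged comments from the output; harmless comments are kept.
function stripLeakyComments(html) {
  return html.replace(/<!--([\s\S]*?)-->/g, (whole, body) =>
    LEAK_RULES.some((r) => r.re.test(body)) ? "" : whole
  );
}

// Constructed sample: comment texts taken from the listing above, markup invented.
const SAMPLE = [
  "<!-- Generated from data/head-home.php, ../../smarty/{head.tpl} -->",
  "<div id=\"w3c_mast\"><!-- #w3c_mast / Page top header -->",
  "<!-- w3c_sec_nav is populated through js -->",
  "</div><!-- /end #w3c_mast -->",
  "<!-- Generated from data/footer.php, ../../smarty/{footer-block.tpl} -->",
].join("\n");

for (const f of findLeakyComments(SAMPLE)) {
  console.log(`line ${f.line}: [${f.rules.join(", ")}] ${f.text}`);
}
```

Run `findLeakyComments` over rendered pages in CI and fail the build on any finding, or pass the output through `stripLeakyComments` before it is served.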

Monday, June 13, 2011


great library but:

//Can you simplify this ?
if (obj === null || other === null) {
      return (obj === null) && (other === null);
}

//.. do I need braces ? Throwing Strings ? Not good for onerror handlers... 
throw ("XMLHttpRequest failed, status code " + xhr.status);

// try to count number of "this." in minimized version ;-(
// how many times will you call the same function in one line....
a.charAt(0) === "(" || a.charAt(0) === "[") return a.charAt(0)

//loops; could be even shorter right ? (++ vs. --)
a = 0;
for (c = h.length; a < c; ++a) h[a].owner = this;

//could you be more verbose ?
//hardly !
DrawingShared.prototype.vertex = function() {
      var vert = [];

      if (firstVert) { firstVert = false; }

      if (arguments.length === 4) { //x, y, u, v
        vert[0] = arguments[0];
        vert[1] = arguments[1];
        vert[2] = 0;
        vert[3] = arguments[2];
        vert[4] = arguments[3];
      } else { // x, y, z, u, v
        vert[0] = arguments[0];
        vert[1] = arguments[1];
        vert[2] = arguments[2] || 0;
        vert[3] = arguments[3] || 0;
        vert[4] = arguments[4] || 0;
      }

      vert["isVert"] = true;

      return vert;
};


TODO: will be continued

Saturday, June 11, 2011

Aptana - Editor Feature Matrix

What to expect and not expect from Aptana Studio 3.X Editors.

Thanks to the Aptana team for the link.

Friday, June 10, 2011, CWE-209 (Error Message Information Leak)

Try this:

It will print a nice, detailed error message;
design or badly configured server ?

Aptana Studio 3.3 and html5boilerplate support

Aptana comes with a nice feature and includes html5boilerplate
as a wizard.
Excited, I decided to give it a try.....

This wizard lets you open the online (git) version or the cached version.
(nice !)

however both versions cause problems:
cached version is pretty old (referencing 1.4 jQuery) and fails with errors,

ENTRY com.aptana.projects 4 0 2011-06-10 00:45:42.917
!MESSAGE Unable to overwrite file during .zip extraction
org.eclipse.core.runtime.CoreException: Failed applying file-template variables

Git based version of the wizard is fine and gets created
however HTML editor reports errors:

Unexpected end of file index.html /test line 54 JS Problem

Horror folks !

UPDATE: filed a bug report

and also

Thursday, June 9, 2011

Roo, Maven, STS and paranoid Corporate Proxies (fixed with Fiddler)

If you are using Roo, it uses
to verify signatures of downloaded Roo Add-on.

If your proxy blocks 11371 and
your proxy admin. is paranoid
(or just lazy)
you will hardly get the add-on installed.

Since I don't know how to change this uri (can I ?)
I open Fiddler
and type in the Quick Exec box:

This now uses ubuntu keyserver and "standard" port 80.

Thanks for Fiddler once again.
TODO: Mac solution

Waiting response from Roo team.....

Monday, June 6, 2011

Aptana Studio 3 and HTML5 Support ?

One of the benefits in HTML5 is simplifications:

However Aptana (claiming HTML5 support)
made me disappointed
on my first trial:

<link rel="stylesheet" href="/boilerplate/styles/sample.css" />
This valid HTML5 construction results in warning:

link lacks "type" attribute 
Since I hate warnings and
I hate writing any extra code
I suppressed the warning in
thanks for that option at least.

Or am I doing something wrong ?

Nothing wrong; after a private discussion with the Aptana team, they responded with:

however I have no account to see the ticket ;-)