Thursday, June 16, 2011

CWE-601: oracle.com

Browse to the link and log on, if you have an account with them.

http://www.oracle.com/webapps/redirect/signon?nexturl=http://ainthek.blogspot.com/
------------------------------------
So they have "fixed" the client-side problem
http://ainthek.blogspot.com/2011/05/client-side-xss-documentwritelocationhr.html

and kept the more serious one,
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'), still open?

nice ....
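As an added example (not Oracle's code) of how a post-logon "nexturl" parameter is handled unsafely and how the same parameter is validated so it can only land on the site itself; the site origin and paths are assumed placeholders:

```javascript
// Added example, not Oracle's code. SITE_ORIGIN is an assumed placeholder.
const SITE_ORIGIN = "https://www.example.com";
const FALLBACK = "/";

// Vulnerable pattern: the parameter is used as the redirect target as-is,
// so any absolute URL in it sends the freshly logged-on user off-site.
function unsafeNextUrl(nexturl) {
  return nexturl || FALLBACK;
}

// Hardened version: resolve the value against the site origin and accept it
// only if it still points at that origin; hand back a site-relative path so
// no host name from the parameter is ever echoed into the Location header.
function safeNextUrl(nexturl) {
  if (typeof nexturl !== "string" || nexturl.length === 0) return FALLBACK;
  let target;
  try {
    target = new URL(nexturl, SITE_ORIGIN); // relative paths resolve on-site
  } catch (e) {
    return FALLBACK; // unparsable input
  }
  // Catches other hosts, "//evil", "user@evil", http-vs-https and
  // "javascript:" (origin "null") in one comparison.
  if (target.origin !== SITE_ORIGIN) return FALLBACK;
  return target.pathname + target.search + target.hash;
}
```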

Tuesday, June 14, 2011

w3.org and comments

Can we (mis)use this somehow?

Generated from data/head-home.php, ../../smarty/{head.tpl}
Generated from data/mast-home.php, ../../smarty/{mast.tpl}
#w3c_mast / Page top header
w3c_sec_nav is populated through js
Main navigation menu
/end #w3c_mast
end events talks
end main content

    <div id="w3c_home_video">
      <h2 class="category">
        <a href="/participate/podcastsvideo">Featured Video
            <img src="/2008/site/images/header-link.gif" alt="Header link" width="13" height="13" class="header-link"/>
        </a>
      </h2>
      <p>Here</p>
    </div>

end main col
Generated from data/footer.php, ../../smarty/{footer-block.tpl}
#footer address / page signature
/end #footer
Generated from data/scripts.php, ../../smarty/{scripts.tpl}
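An added example, not w3.org code: a pre-publish check that lists the HTML comments in a page and flags the ones that name server-side scripts, templates or relative paths, as the w3.org source above does. The sample markup is constructed from those comments and the leak patterns are an assumption for this example.

```javascript
// Added example, not w3.org code. SAMPLE_HTML is constructed for the demo.
var SAMPLE_HTML = [
  "<!-- Generated from data/head-home.php, ../../smarty/{head.tpl} -->",
  "<!-- #w3c_mast / Page top header -->",
  "<div id=\"w3c_home_video\"><p>Here</p></div>",
  "<!-- end main col -->",
  "<!-- Generated from data/scripts.php, ../../smarty/{scripts.tpl} -->"
].join("\n");

// Returns the trimmed text of every HTML comment in the markup.
function extractComments(html) {
  var out = [];
  var re = /<!--([\s\S]*?)-->/g; // non-greedy so adjacent comments stay separate
  var m;
  while ((m = re.exec(html)) !== null) out.push(m[1].trim());
  return out;
}

// Patterns that indicate a comment reveals how the page is built server-side
// (assumed for this example; extend with your own stack's file extensions).
var LEAK_PATTERNS = [/\.php\b/i, /\.tpl\b/i, /\.\.\//, /smarty/i];

// Returns only the comments worth stripping before the page ships.
function findLeakyComments(html) {
  return extractComments(html).filter(function (comment) {
    return LEAK_PATTERNS.some(function (p) { return p.test(comment); });
  });
}
```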

Monday, June 13, 2011

Processing.js

great library but:

// Can you simplify this?
if (obj === null || other === null) {
    return (obj === null) && (other === null);
}

// Do I need braces? Throwing strings? Not good for onerror handlers...
throw ("XMLHttpRequest failed, status code " + xhr.status);

// Try to count the number of "this." in the minimized version ;-(

// How many times will you call the same function in one line....
if (a.charAt(0) === "(" || a.charAt(0) === "[") return a.charAt(0);

// Loops; could be even shorter, right? (++ vs. --)
a = 0;
for (c = h.length; a < c; ++a) h[a].owner = this;

// Could you be more verbose?
// Hardly!
DrawingShared.prototype.vertex = function() {
    var vert = [];

    if (firstVert) { firstVert = false; }

    if (arguments.length === 4) { // x, y, u, v
        vert[0] = arguments[0];
        vert[1] = arguments[1];
        vert[2] = 0;
        vert[3] = arguments[2];
        vert[4] = arguments[3];
    } else { // x, y, z, u, v
        vert[0] = arguments[0];
        vert[1] = arguments[1];
        vert[2] = arguments[2] || 0;
        vert[3] = arguments[3] || 0;
        vert[4] = arguments[4] || 0;
    }

    vert["isVert"] = true;

    return vert;
};


etc..etc...
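Two of the points above made concrete, as an added example that is not Processing.js code: what an error handler actually gets when a string is thrown instead of an Error, and the vertex() builder without the repeated assignments (the status value is constructed; the firstVert flag is left out because it does not affect the returned value).

```javascript
// Added example, not Processing.js code. The status values are constructed.

// (1) The pattern criticised above: a thrown string carries no stack and no
//     fields, so window.onerror or a logging layer gets a bare message.
function failWithString(status) {
  throw ("XMLHttpRequest failed, status code " + status);
}
// Throwing an Error keeps the stack and lets the handler branch on data.
function failWithError(status) {
  var err = new Error("XMLHttpRequest failed, status code " + status);
  err.status = status;
  throw err;
}
// What a generic handler can recover from whatever fn() throws.
function describeThrown(fn) {
  try {
    fn();
  } catch (e) {
    var isError = e instanceof Error;
    return {
      isError: isError,
      message: isError ? e.message : String(e),
      hasStack: isError && typeof e.stack === "string",
      status: isError ? e.status : undefined
    };
  }
  return null; // nothing was thrown
}

// (2) vertex() with the same input/output contract: four arguments mean
//     x, y, u, v (z forced to 0); otherwise x, y, z, u, v with 0 defaults.
function vertex() {
  var a = arguments;
  var vert = a.length === 4
    ? [a[0], a[1], 0, a[2], a[3]]
    : [a[0], a[1], a[2] || 0, a[3] || 0, a[4] || 0];
  vert.isVert = true; // property on the array, not an element
  return vert;
}
```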

TODO: will be continued

Saturday, June 11, 2011

Aptana - Editor Feature Matrix

What to expect and not expect from Aptana Studio 3.X Editors.
http://wiki.appcelerator.org/display/tis/Editor+Feature+Matrix

Thanks to the Aptana team for the link.

Friday, June 10, 2011

jira.appcelerator.org, CWE-209 (Error Message Information Leak)

Try this:

http://jira.appcelerator.org/charts?filename=jfreechart-onetime-4050881654227115418.png

It prints a nice, detailed error message.
By design, or a badly configured server?

Aptana Studio 3.3 and html5boilerplate support

Aptana comes with a nice feature: it includes html5boilerplate
as a wizard.
Excited, I decided to give it a try.....

This wizard lets you open the online (git) version or the cached version.
(nice !)

however both versions cause problems:
the cached version is pretty old (referencing jQuery 1.4) and fails with errors,

ENTRY com.aptana.projects 4 0 2011-06-10 00:45:42.917
!MESSAGE Unable to overwrite file during .zip extraction
!STACK 1
org.eclipse.core.runtime.CoreException: Failed applying file-template variables

The git-based version of the wizard is fine and the project gets created,
however the HTML editor reports errors:

Unexpected end of file index.html /test line 54 JS Problem


Horror folks !

UPDATE: filed bug reports

https://aptanastudio.tenderapp.com/discussions/problems/3002-html5-boilerplate-obsolete-and-buggy

http://jira.appcelerator.org/browse/TC-67

and also
http://jira.appcelerator.org/browse/TC-68

Thursday, June 9, 2011

Roo, Maven, STS and paranoid Corporate Proxies (fixed with Fiddler)

If you are using Roo, it uses
pgp.mit.edu:11371
to verify the signatures of downloaded Roo add-ons.

If your proxy blocks 11371 and
your proxy admin is paranoid
(or just lazy),
you will hardly get the add-on installed.

Since I don't know how to change this URI (can I?),
I open Fiddler
and type in the Quick Exec box:

urlreplace pgp.mit.edu:11371 keyserver.ubuntu.com

This now uses the Ubuntu keyserver and the "standard" port 80.

Thanks to Fiddler once again.
TODO: Mac solution

Waiting for a response from the Roo team.....

Monday, June 6, 2011

Aptana Studio 3 and HTML5 Support ?

One of the benefits of HTML5 is its simplifications.

However Aptana (claiming HTML5 support)
disappointed me
on my first trial:

<link rel="stylesheet" href="/boilerplate/styles/sample.css" />
This valid HTML5 construct results in a warning:

link lacks "type" attribute
Since I hate warnings and
I hate writing any extra code,
I suppressed the warning in
Window/Preferences/Aptana/validation/HTML;
thanks for that option at least.

Or am I doing something wrong?

UPDATE:
Nothing wrong; after a private discussion with the Aptana team they responded with:
WE HAVE TICKET OPENED FOR THIS:
https://aptana.lighthouseapp.com/projects/35272/tickets/1860.

however I have no account to see the ticket ;-)