Archive for the ‘JavaScript’ Category

Inheritance and Mootools Mixins

Friday, February 11th, 2011

I was playing with Mootools’ Class implementation today. It has a few nice features like mixins, easy inheritance and sane parent method calling. I did run into issues combining mixins (through the Implements keyword) with parent method calling. The following code fails with the message: The method “setOptions” has no parent. (more…)

Abusing the Cache: Tracking Users without Cookies

Friday, January 29th, 2010

I’ve been doing a little bit of research into ways to misuse browser history and cache and came across a very simple technique for tracking users without the need for cookies. Firstly, a demo. If you watch the HTTP requests you’ll see that there are no cookies being used.

(more…)

Windows Gadgets and Invalid Packages

Sunday, January 24th, 2010

I’ve recently upgraded to Windows 7 and decided to experiment with the built-in gadgets. Windows gadgets are built on web technologies; each gadget is really just a couple of HTML pages glued together with JavaScript. This is good in principle, but there are enough differences between the gadget environment and Internet Explorer to make testing difficult.

(more…)

Securing Your PHP Code – XSS

Saturday, April 5th, 2008

Today I’m going to start a three-part series looking at security issues affecting web developers. The specifics apply to PHP developers, but the general concepts carry across all technologies.

Any significant website is going to consist of three core layers: the client-side code (HTML and JavaScript), server code (PHP) and a storage layer (MySQL). As a developer you should be aware of the security implications of each layer of technology and how you can best secure your code.

(more…)