February 7th, 2006 - LiveJournal Development

An easier way to find CSS exploits [Feb. 7th, 2006|11:04 am]
lj_dev

[bradfitz]
Another way to get permanent accounts, if nobody has beaten you to the exploit:

http://www.test.dev.livejournal.org/misc/csstest.bml

Find some CSS which does an alert box (or any JavaScript, but alerts are very in-your-face), then email me with at least subject "XSS-LJ whatever", the browser, and the CSS you put in the box.

Happy Hacking.

LJ crawler for research purposes [Feb. 7th, 2006|02:43 pm]

[hisameshizumaru]
Hello! I'm sure this has been asked many times, but I haven't found such a post looking back for a while. Anyway: I'm currently writing a crawler for LJ for a research project that I'm working on, and I want to make sure I'm following all the rules, and also if anyone has advice they could give me.

First of all: the research is to determine group sentiment towards particular topics. We will make a single crawl over LJ and then use the data to develop aggregate results. Details of individual users will not be mentioned in the report.

For this project we plan to first seed our crawler with usernames and community names found in google searches on a particular topic. We will then crawl over community members and friends of users whose robots.txt files don't exclude crawlers. From each user we are considering only pulling the RSS file, or possibly pulling articles from up to a year in the past.

I have a few questions, though:


  • What about pulling user comments? Would that be ok?

  • How do I know if a community allows robots or not, since they don't have a subdomain with a robots.txt file?

  • At what rate of requests/sec should I set my crawler to in order for it to be "nice"?

  • Are there any previous similar works that anyone is aware of?

  • For users that exclude robots: would it be appropriate if I send them a message via their livejournal email address asking if they would like to be included in the research?



Again, this is strictly not for profit, aggregate data collection for research purposes only. I would appreciate any comments anyone has.

Enhancing the RTE [Feb. 7th, 2006|09:02 pm]

[daveman692]
So I've been spending part of the day working on integrating FCKeditor into LJ, since we all know the current rich text editor isn't great. Issue I'm running into is it always converts <, >, and & to their html entities on submit. So this presents a problem for people wanting to type something like <lj user='test' />.

So two solutions I see:
A) Stop the entity conversion
B) Write a plugin that adds toolbar buttons for LJ specific tags

Issue with A is that I can't figure out where this conversion is happening. I have disabled the FCKConfig.ProcessHTMLEntities option, but a comment in fckhtmlentities.js says, "This entity is automatically handled by the XHTML parser". Every place it seems like it would be doing this conversion, it isn't. So frustrated with this option.

Issue with B is that I can write a plugin to add a toolbar button with no problem, but don't think I can make it convert an lj tag when someone goes from normal to rich mode. Also not sure how to visually represent things like an lj-cut in the editing interface.

Another option is to always convert the entity back on form submission, client or server side, this however would mean that I couldn't type the entities in the RTE like I did above as an example tag.

So two solutions, neither of which seem perfect. Seems like the good solution is a combination of A and B, so a button to add these tags, and have them show up as a tag in the rich view while not being converted to entities on submit. Been reading through the project's site on SourceForge and seems like others have this same issue with entities; though I guess the project hasn't decided to address it yet. Costs $175 in a donation to get "email support". Anyone familiar with FCKeditor?

Edit: Seems like I've just been going crazy with this all day and it is a fairly easy solution. On submit we do a bit of a conversion which should end up with the right stuff in the end. Sorry for the friends page spam. :P
