Simon Willison’s Weblog

Sunday, 6th January 2008

XSS Vulnerabilities in Common Shockwave Flash Files. Is the word “shockwave” still relevant to Flash? Regardless, it turns out Flash can be a serious vector for XSS attacks, and many commonly used components have recently fixed holes (and hence should be updated ASAP).

# 9:35 am / flash, security, shockwave, xss

Filtering foreign key choices in newforms-admin. A nice introduction to the Django newforms-admin branch, including an example of how to easily implement row-level permissions.

# 8:31 pm / christian-joergensen, django, newforms, newformsadmin, python

Django Tip: Complex Forms. Malcolm demonstrates some advanced tricks with newforms.

# 10:14 pm / django, malcolmtredinnick, newforms, python

IE7.js version 2.0 (beta). Dean Edwards has updated IE7, shifting enhancements that weren’t fixed by the real IE7 into a new script called IE8. You can also now hotlink the library directly from Google’s servers, though I don’t know how intended Google Code’s subversion repository is for that purpose.

# 11:15 pm / deanedwards, goode, google-code, ie7, ie8, javascript