[Owasp-leaders] twitter link on the owasp wiki

psiinon psiinon at gmail.com
Fri Dec 9 10:14:05 EST 2011


If you apply the template to a page then the default message is the page
name, which users can then change - see the attached example for twitter.
It's just plain links, no javascript, no JSON, no external content:
https://www.owasp.org/index.php?title=Template:Social_Media_Links&action=edit
So I think we'll leak the referrer (unless disabled in the browser) but
nothing else?
Someone else please sanity check the template!

Cheers,

Simon

On Fri, Dec 9, 2011 at 3:01 PM, John Wilander <john.wilander at owasp.org> wrote:

> Fairly clean. I'm happier with this than the "paste this script".
>
> So, does it let users add a message to the tweet etc or do we have
> pre-configured messages?
>
> And on the technical side, are we now hot linking to some integration
> code? Are we doing JSONP? Are we leaking tracking info even when users are
> not clicking any of the links? Just checking.
>
> /John
>
> --
> My music http://www.johnwilander.com
> Twitter https://twitter.com/johnwilander
> CV or Résumé http://johnwilander.se
>
> 9 dec 2011 kl. 08:28 skrev Tom Brennan <tomb at owasp.org>:
>
> Looks really clean
>
> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
>
>
> On Dec 9, 2011, at 8:15 AM, psiinon <psiinon at gmail.com> wrote:
>
> OK, decided to apply money to mouth :)
>
> I've created a template: {{Social Media Links}} which I've shamelessly
> ripped off from http://en.wikinews.org/wiki/Template:Social_bookmarks
> and applied it to
> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
>
> What does everyone think??
>
> Cheers,
>
> Simon
>
> On Fri, Dec 9, 2011 at 11:10 AM, psiinon <psiinon at gmail.com> wrote:
>
>> "What are the gains?"
>>
>> It's just another way to get the OWASP message across.
>> Security pros may know all about us, but I'm still finding developers who
>> haven't heard of OWASP.
>> I'm not saying that this is the one and only answer, but it might help a
>> little bit.
>> Anything that gets OWASP onto sites like reddit and Digg etc has got to
>> be a good thing.
>> As long as these links don't make the site insecure and don't piss people
>> off then I think it would be worth doing.
>> We could always knock up some manual links on a couple of trial pages and
>> see if they make any difference?
>>
>> Cheers,
>>
>> Simon
>>
>>
>> On Thu, Dec 8, 2011 at 7:30 PM, John Wilander <john.wilander at owasp.org> wrote:
>>
>>> So we're entering the era of mashups with various cross-origin hacks,
>>> inlined JavaScript that fetches more JavaScript on the fly, and data
>>> leakage to social networks and their customers. I encourage you to look
>>> under the hood of these types of buttons. It's not a pretty sight IMHO.
>>>
>>> Eventbrite iframe seems fair. But apart from that, what are the gains?
>>>
>>> Are we talking of a static "Hey, check out OWASP" tweet link, many
>>> static tweet links à la "Check out OWASP project X", or a tweet link with
>>> dynamic content "Check out the next global OWASP event Y"? Who are we
>>> hoping for to click? Do typical owasp.org visitors click such buttons?
>>>
>>> Please convince me :).
>>>
>>>    Regards, John
>>>
>>>
>>>
>>> 2011/12/6 OWASP Dutch Chapter <netherlands at owasp.org>
>>>
>>>> L.S.
>>>>
>>>> I have a similar question... I would like to be able to integrate an
>>>> iFrame from EventBrite for our Chapter event registration.
>>>>
>>>> Ferdinand Vroom
>>>> OWASP Netherlands Chapter
>>>>
>>>> 2011/12/6 Eoin <eoin.keary at owasp.org>
>>>>
>>>>> Is it technically possible to put a "tweet this" link on the OWASP
>>>>> wiki pages?
>>>>> Can we add it to page templates?
>>>>>
>>>>> Just a question?
>>>>>
>>>>>
>>>>> --
>>>>> Eoin Keary
>>>>> OWASP Global Board Member (Vice Chair)
>>>>>
>>>>> https://twitter.com/EoinKeary
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> OWASP Dutch Chapter
>>>> Ferdinand Vroom
>>>> Martin Knobloch
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> John Wilander, https://twitter.com/johnwilander
>>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>>> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>>> My music http://www.johnwilander.com & my résumé http://johnwilander.se
>>>
>>>
>>>
>>>
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter-example.jpg
Type: image/jpeg
Size: 45250 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-leaders/attachments/20111209/da7e4c1e/attachment-0001.jpg 
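
One way to run the sanity check asked for in this message, as an added example that is not part of the original thread or the OWASP template: it separates third-party hosts the browser contacts on every page view (scripts, iframes, images) from hosts contacted only when a visitor clicks a link, and records whether each link suppresses the referrer. The sample markup, the `widgets.example` host and the `rel="noreferrer"` check are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE_HOST = "www.owasp.org"  # first-party host, taken from the URLs in the thread
# Tags whose URL attribute is fetched as soon as the page renders (no click needed).
PASSIVE = {"script": "src", "iframe": "src", "img": "src", "embed": "src",
           "object": "data", "link": "href"}


class ShareMarkupAudit(HTMLParser):
    """Sorts third-party URLs in rendered markup by when the browser contacts them."""

    def __init__(self):
        super().__init__()
        self.on_load = []       # (tag, host): contacted on every page view
        self.inline_script = 0  # <script> blocks without a src attribute
        self.on_click = []      # (host, referrer_suppressed): contacted only on click

    def _third_party_host(self, url):
        host = urlsplit(url or "").hostname
        return host if host and host != SITE_HOST else None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and "src" not in a:
            self.inline_script += 1
        if tag in PASSIVE:
            host = self._third_party_host(a.get(PASSIVE[tag]))
            if host:
                self.on_load.append((tag, host))
        elif tag == "a":
            host = self._third_party_host(a.get("href"))
            if host:
                rel = (a.get("rel") or "").lower().split()
                self.on_click.append((host, "noreferrer" in rel))


def audit(html):
    p = ShareMarkupAudit()
    p.feed(html)
    p.close()
    return {"on_load": p.on_load, "inline_script": p.inline_script, "on_click": p.on_click}


# Constructed samples: a plain share link as the thread describes, and a script widget.
PLAIN = '<a href="https://twitter.com/share?text=OWASP+Zed+Attack+Proxy+Project">Tweet</a>'
WIDGET = ('<a href="https://twitter.com/share">Tweet</a>'
          '<script src="https://widgets.example/button.js"></script>'
          '<script>loadMore()</script>')
```

An empty `on_load` list and a zero `inline_script` count for the rendered template output match the "plain links, no javascript" description; a `False` in `on_click` marks a link that sends the referrer when clicked.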

