[Owasp-leaders] twitter link on the owasp wiki

psiinon psiinon at gmail.com
Fri Dec 9 10:25:49 EST 2011


Or expeRT.

Doh!

On Fri, Dec 9, 2011 at 3:23 PM, psiinon <psiinon at gmail.com> wrote:

> Just realised that the twitter example just includes the URL :)
> Some of the others use the URL and also the page title.
> Either look at the template code, hover over the links or actually click
> on them.
> None of them should do anything without another confirmation - all of the
> social media sites linked to should handle CSRFs by now!
> Let me know if you have any problems/suggestions/etc but I don't claim to
> be a MediaWiki expect :)
>
> Cheers,
>
> Simon
>
>
> On Fri, Dec 9, 2011 at 3:14 PM, psiinon <psiinon at gmail.com> wrote:
>
>> If you apply the template to a page then the default message is the page
>> name, which users can then change - see the attached example for twitter.
>> It's just plain links, no javascript, no JSON, no external content:
>> https://www.owasp.org/index.php?title=Template:Social_Media_Links&action=edit
>> So I think we'll leak the referrer (unless disabled in the browser) but
>> nothing else?
>> Someone else please sanity check the template!
>>
>> Cheers,
>>
>> Simon
>>
>>
>> On Fri, Dec 9, 2011 at 3:01 PM, John Wilander <john.wilander at owasp.org> wrote:
>>
>>> Fairly clean. I'm happier with this than the "paste this script".
>>>
>>> So, does it let users add a message to the tweet etc or do we have
>>> pre-configured messages?
>>>
>>> And on the technical side, are we now hot linking to some integration
>>> code? Are we doing JSONP? Are we leaking tracking info even when users are
>>> not clicking any of the links? Just checking.
>>>
>>> /John
>>>
>>> --
>>> My music http://www.johnwilander.com
>>> Twitter https://twitter.com/johnwilander
>>> CV or Résumé http://johnwilander.se
>>>
>>> On 9 Dec 2011 at 08:28, Tom Brennan <tomb at owasp.org> wrote:
>>>
>>> Looks really clean
>>>
>>> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
>>>
>>>
>>> On Dec 9, 2011, at 8:15 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>> OK, decided to apply money to mouth :)
>>>
>>> I've created a template: {{Social Media Links}} which I've shamelessly
>>> ripped off from http://en.wikinews.org/wiki/Template:Social_bookmarks
>>> and applied it to
>>> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
>>>
>>> What does everyone think??
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> On Fri, Dec 9, 2011 at 11:10 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> "What are the gains?"
>>>>
>>>> It's just another way to get the OWASP message across.
>>>> Security pros may know all about us, but I'm still finding developers
>>>> who haven't heard of OWASP.
>>>> I'm not saying that this is the one and only answer, but it might help
>>>> a little bit.
>>>> Anything that gets OWASP onto sites like reddit and Digg etc has got to
>>>> be a good thing.
>>>> As long as these links don't make the site insecure and don't piss people
>>>> off then I think it would be worth doing.
>>>> We could always knock up some manual links on a couple of trial pages
>>>> and see if they make any difference?
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>>
>>>> On Thu, Dec 8, 2011 at 7:30 PM, John Wilander <john.wilander at owasp.org> wrote:
>>>>
>>>>> So we're entering the era of mashups with various cross-origin hacks,
>>>>> inlined JavaScript that fetches more JavaScript on the fly, and data
>>>>> leakage to social networks and their customers. I encourage you to look
>>>>> under the hood of these types of buttons. It's not a pretty sight IMHO.
>>>>>
>>>>> Eventbrite iframe seems fair. But apart from that, what are the gains?
>>>>>
>>>>> Are we talking of a static "Hey, check out OWASP" tweet link, many
>>>>> static tweet links à la "Check out OWASP project X", or a tweet link with
>>>>> dynamic content "Check out the next global OWASP event Y"? Who are we
>>>>> hoping for to click? Do typical owasp.org visitors click such buttons?
>>>>>
>>>>> Please convince me :).
>>>>>
>>>>>    Regards, John
>>>>>
>>>>>
>>>>>
>>>>> 2011/12/6 OWASP Dutch Chapter <netherlands at owasp.org>
>>>>>
>>>>>> L.S.
>>>>>>
>>>>>> I have a similar question... I would like to be able to integrate an
>>>>>> iFrame from EventBrite for our Chapter event registration.
>>>>>>
>>>>>> Ferdinand Vroom
>>>>>> OWASP Netherlands Chapter
>>>>>>
>>>>>> 2011/12/6 Eoin <eoin.keary at owasp.org>
>>>>>>
>>>>>>> Is it technically possible to put a "tweet this" link on the OWASP
>>>>>>> wiki pages?
>>>>>>> Can we add it to page templates?
>>>>>>>
>>>>>>> Just a question?
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Eoin Keary
>>>>>>> OWASP Global Board Member (Vice Chair)
>>>>>>>
>>>>>>> https://twitter.com/EoinKeary
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> OWASP Dutch Chapter
>>>>>> Ferdinand Vroom
>>>>>> Martin Knobloch
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> John Wilander, https://twitter.com/johnwilander
>>>>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>>>>> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>>>>> My music http://www.johnwilander.com & my résumé
>>>>> http://johnwilander.se
>>>>>
>>>>>
>>>>
>>
>
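
The sanity check asked for in the thread (plain links versus "paste this script" widgets, and what leaks before anyone clicks) can be run mechanically over the rendered template markup. The following is an added example, not code from the thread or from the OWASP template; the host `social.example`, both sample snippets and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make the browser fetch a resource as soon as the page renders.
LOAD_ATTRS = {"script": "src", "iframe": "src", "img": "src",
              "embed": "src", "object": "data", "link": "href"}

class ShareMarkupAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.on_load = []        # (tag, host): third-party fetch with no user action
        self.inline_script = 0   # <script> blocks that carry code instead of src
        self.on_click = []       # (host, referrer_suppressed) for outbound links

    def _foreign_host(self, url):
        # Relative URLs and same-host URLs stay on the wiki and are not reported.
        host = urlparse(url or "").hostname
        return host if host and host != self.site_host else None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and "src" not in a:
            self.inline_script += 1
        if tag in LOAD_ATTRS:
            host = self._foreign_host(a.get(LOAD_ATTRS[tag]))
            if host:
                self.on_load.append((tag, host))
        elif tag == "a":
            host = self._foreign_host(a.get("href"))
            if host:
                rel = (a.get("rel") or "").lower().split()
                # Without rel=noreferrer the browser's default Referer applies.
                self.on_click.append((host, "noreferrer" in rel))

def audit(markup, site_host="www.owasp.org"):
    p = ShareMarkupAudit(site_host)
    p.feed(markup)
    p.close()
    return {"on_load": p.on_load, "inline_script": p.inline_script,
            "on_click": p.on_click}

# Constructed samples: a plain share link and a script-backed share button.
PLAIN_LINK = ('<a href="https://social.example/share?url=https%3A%2F%2Fwww.owasp.org'
              '%2Findex.php%2FOWASP_Zed_Attack_Proxy_Project">Share</a>')
WIDGET = ('<a href="https://social.example/share" class="share-button">Share</a>'
          '<script src="https://social.example/widgets.js"></script>')
```

An empty `on_load` list with zero inline scripts matches the "plain links" description: the third party hears nothing until a click, and then only what the link URL and the Referer header carry.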