I've been reading about the threat of Cross-Site Scripting, or CSS, or indeed XSS, and it seems it's a method by which a malicious website can bypass security measures on another site, using the user's information, held in cookies. I may be completely wrong of course, as I'm no expert!
Anyway, the problem as far as 'On The Road' is concerned, is that Google's 'Event' gadget, which I used to show details of races at the bottom of this page, is not too clever at protecting cookie info (or something!), so I've removed them for the time being. The same goes for the 'Share It' gadget (By someone called Barry Welch at Friend Connect Message Labs) which allowed users to share or bookmark pages on Twitter and/or Facebook, so that's gone too.
Unfortunately I don't have the skills to write my own gadgets (nor the time/inclination to acquire those skills) so those parts of On The Run will remain unavailable unless/until someone comes up with new improved gadgets.
So, I apologise if my blog caused any trauma , and for the now reduced functionality. I hope it doesn't reduce your enjoyment of my running adventures, such as they are!
FC Message Labs seem to be aware of the problem, as their 'Share It' gadget is no longer available to insert using the URL.
It seems strange that the Google gadget is poorly written, especially given that Google are reportedly buying out Blogger...
No comments:
Post a Comment