The idea that it’s easy to protect your web app from XSS seems to be floating around the interwebz. I’ve seen a whole bunch of “tutorials” saying stuff like “just use htmlencode()” etc.
If you’re building web applications, even small ones, do yourself a favor and use a proper html sanitization library. I hear good things about HTMLPurifier (PHP) and Sanitize (Ruby); there probably is a library for most other languages as well. I don’t dare to recommend anything specific so you’ll need to do some research, but it will be time well spent. And if you’re using a framework or CMS, use the sanitization functions they provide.
I wrote down some notes on building html-based emails for myself and I thought I should post them, since it looks like people are having trouble with html emails. There’s probably nothing new here, but maybe it will be helpful to someone.
Adding custom fields to comment forms in WordPress doesn’t seem to be documented very well online and I couldn’t find any working plugins either. It’s not difficult at all, though.
I worked at Mäksa parish administration for a couple of months this summer. I was in charge of managing the networks & computers of the administration, plus a small school and a library (’tis a really small parish, like most of them in Estonia are). The last IT guy quit overnight without saying goodbye, or telling anyone the current server and network passwords.
And so it came to be that on a sunny day in August, the server hard dive ran out of space, and I (still) didn’t have the root password. So I called the ex-IT-guy, but he didn’t pick up his phone.
I kept calling him for the whole morning. Nothing.
Oh well, I thought, he’s probably really busy with his new job. Maybe he’ll call back later.
But then, in a sudden flash of insight, I looked him up on Facebook and sent him a message.
Got a reply exactly 11 minutes later.
Apparently, paraphrased from this video.
I really wish I had seen this a few years ago. I’ve always known that everything takes time and I just need to keep practicing, but I lost motivation many many times.
It’s good to know that I’m on the right path.