Google Darts Back to VBScript

There’s an interesting discussion evolving on the WebKit developer’s mailing list that boils down to adding VBScript support to the project. Well, almost. It’s a discussion between two major contributor camps, Google and Apple, on the framework for integrating Google’s langue du jour: Dart. To set the stage, no one on the list is arguing in […]

Primordial cross-site scripting (XSS) exploits

The Hacking Web Apps book covers HTML Injection and cross-site scripting (XSS) in Chapter 2. Within the restricted confines of the allotted page count, it describes one of the most pervasive attacks that plagues modern web applications. Yet XSS is old. Very, very old. Born in the age of acoustic modems barely a Planck Era after […]

Earliest(-ish) hack against web-based e-mail

The book starts off with a discussion of cross-site scripting (XSS) attacks along with examples from 2009 that illustrate the simplicity of these attacks and the significant impact they can have. What’s astonishing is how little many of the attacks have changed. Consider the following example, over a decade old, of HTML injection before terms […]