I recently found an exploit that can allow malicious sites to get access to certain kinds of cross-origin data that is not wrapped in any container format. This post is a description of that vulnerability, together with some general talk about cross-domain communication.
Do you use browser sniffing? Oh, you evil person! Your poor soul will rot and burn forever, you're summoning the wrath of the heavens!
Do you use feature detection exclusively? Aah, a pure spirit! Enlightenment has come to you; you shall forever be applauded by the angels above!
Do you live in the real world? Then this post may be for you.
I've been a fan of using yield to create generators in Python for a long time, and when I was dragged into
doesn't offer this, so I came up with a little project that tries to emulate
Jeff Atwood calls it human unit tests and cheating. Alex Miller calls it User Based Monitoring. Namely, relying on user feedback and bug reports to let us know when we break something.
This works remarkably well – when something is wrong, we'll know about it pretty quickly. You can be sure that Meta Stack Overflow will have a new post, complaining about the bug we just introduced. In no time.
This system has been working great so far. But why? Why do people help us, for free, even though we prove bug after bug after bug that after one thing is fixed, another issue is right around the corner?