Wednesday, April 23, 2008

Blog has moved

New home for my blog:
I am using wordpress for hosting and its fun playing with it. Please update your bookmarks and feeds. Also I have shifted my homepage to

Wednesday, April 16, 2008

Creating Error 404 page

Helping lost visitors? Sometimes a link provided by you may end up as 404 page or viewer might have typed wrong URL that doesn't lead correct page on your site. To help your visitors you can actually use .htaccess file (for Apache servers) to redirect all such links to a special page which will be more useful than plain "404 File Not found" error.

You can add this one line to .htaccess file (create this file if it doesn't exist)

ErrorDocument 404 /web404.html
This will redirect all queries for files not found in that directory and sub directories to web404.html
On that page you can provide user with:
  • Link to homepage
  • Tell them to check the URL or Go Back
  • Search functionality for your website will be very useful.
So yesterday I added a 404 page for my website: Check it out

I have also added similar functionality for my wordpress blog. For setting up 404 Error page on wordpress follow this well compiled article: Creating an Error 404 Page

Interesting read: Creating User Friendly 404 Pages
Related Post:
Web Development Tools

Tuesday, April 15, 2008

View page source trick in firefox, flock

You may have read about firefox's special about: pages like about:config, about:cache etc. Or you can go through Firefox about: pages to have an idea about them. There is one similar functionality in firefox which allows you to view page source of a page. You can type

this in location bar to view page source of
So i have made this Bookmarklet to view page source: View Source (So you can drag this to your bookmark toolbar to have quick access).

Similarly you can type javascript: in your location bar to open java script error console.

Related Post:
Firefox About Pages
Little tweaks with javascript : Bookmarklets.
Open webpages in sidebar

Monday, April 14, 2008

Cross-site Scripting (XSS)

Two days back, my shoutbox was hacked :). I was not aware that people are actually visiting this, which I made long back to have similar thing for Ethos in june, 2005. After that i haven't updated the code and many things were left in between.

What actually happened: Cross Site Scripting, when we want user to input some data (which may be html/javascript) and displays it back. So if html/script tags are not properly checked it can cause trouble. Earlier I hadn't checked for javascript, iframe inputs. So somebody just inserted an iframe as message input in my shout box. And the source of iframe contained redirection to another website. So when shouts were displayed on the page the iframe code was displayed as it is and page got redirected to other page.

Luckily I checked the page just after the day this happened, So that way i actually got chance to update this orphaned code and made some fixes.

Solution : Idea is to filter meta characters such as (< , >, ' , " etc) Which will prevent browser from processing them as part of some script, they will be processed as plain text only.
So while doing in php you can do:


And to be on safer side we should also replace following characters:

replace ( with &#40;
replace ) with &#41;
replace & with &amp;
replace ' with &#39;
replace " with &#34;

Or If you are not expecting user to input these characters then you can simply replace these with null string;

So now you can enjoy Shout Box until some new bug is found or its hacked again [;)]

Related post:
SQL Attacks: Hacking (SQL injection)

Saturday, April 12, 2008

My Toolbar 2.0

Yesterday I was working late night till 3AM, to update my extension 'My Toolbar' which I made long back in October 2006. Reason was to make it work for newer versions of firefox. But then I added some new features too :

  • I added a Explore feature which is similar to Stumble.
  • Checking cookies to verify authentication. (You can find more details on how to read browser cookies from javascript here. Actually It uses nsICookieManager interface to iterate over all of the cookies.
Try My 2.0 (Right now you may have to login to access the extension as it's in Sandbox.)

I also noticed that mozilla has redesigned the extension page. They have also added a nice statistics Dashboard for extension, provided graphical representation of number of downloads, active daily users etc. I was surprised to see that older version of My has reached a total download of 11,200 (not that a big number but still surprising for me) and number of active user around 1000.

Try My 2.0 and provide feedback.

Also Try: SearchER
Related Post: