Comments on: You Can Pry My Gmail Delete Button From My Cold, Dead Fingers http://redmonk.com/sogrady/2005/07/19/you-can-pry-my-gmail-delete-button-from-my-cold-dead-fingers/ because technology is just another ecosystem Sun, 07 Sep 2008 05:56:22 +0000 http://wordpress.org/?v=2.6 By: Jeremy Dunck http://redmonk.com/sogrady/2005/07/19/you-can-pry-my-gmail-delete-button-from-my-cold-dead-fingers/#comment-907 Jeremy Dunck Thu, 21 Jul 2005 16:35:40 +0000 http://redmonk.com/sogrady/wp/?p=510#comment-907 And hey, just to illustrate how touchy this is, it turns out that the one I said was ok: *mail.google.com/* is -not- OK, because this also matches: http://evil.com/mail.google.com/mwahaha So, like giving condoms to kids whilst urging abstinence-- be careful out there! And hey, just to illustrate how touchy this is,
it turns out that the one I said was ok:
*mail.google.com/*
is -not- OK, because this also matches:
http://evil.com/mail.google.com/mwahaha

So, like giving condoms to kids whilst urging abstinence– be careful out there!

]]> By: Jeremy Dunck http://redmonk.com/sogrady/2005/07/19/you-can-pry-my-gmail-delete-button-from-my-cold-dead-fingers/#comment-906 Jeremy Dunck Wed, 20 Jul 2005 22:03:53 +0000 http://redmonk.com/sogrady/wp/?p=510#comment-906 If you're going to run an unsafe version, please make sure that your scripts (even non-universal ones) have an @include that you intend. @include *mail.google.com/* is fine. @include *mail.google.* isn't, nor is *mail.google.com*. They'll match mail.google.com.evil.com. Then all someone has to do is phish you over to mail.google.com.evil.com, and you're done. Just an explanatory note of caution, not intended as FUD. If you’re going to run an unsafe version, please make sure that your scripts (even non-universal ones) have an @include that you intend.

@include *mail.google.com/* is fine.
@include *mail.google.* isn’t, nor is *mail.google.com*. They’ll match mail.google.com.evil.com. Then all someone has to do is phish you over to mail.google.com.evil.com, and you’re done.

Just an explanatory note of caution, not intended as FUD.

]]>