The Perfect Home Page

Through ajaxian.com, I found out about this project, “TPHP”.

“command based way to start your web journey”

A simply designed HTML page with JavaScript that provides various functions, such as searching Google, Yahoo etc., and others like whois and DNS lookup. It provides all of this through a simple command-like interface. For example, you can do:

-g India // to do a google search for India
-g India>> // to take you to first result of google search
-whois google.com // to do whois query

It also provides recommendation based on previous searches.
Try it and give your feedback: would you prefer such a homepage?
For more details: TPHP: The Perfect Home Page

Dilbert in new flavor

New design and features @ www.dilbert.com

Read more about it: Dilbert.com relaunches with Web 2.0 flavor.
They have added comic strips as Flash content. But I liked the old format; it was simpler. And now all comics are colored too.

An IITian’s super power strikes again in new comic strip. :)

Super powers of Asok (Used till now):

Please add any that I missed. (For reference on the above-mentioned powers, see my collection.)

Read My collection of strips featuring IITs and Linux

Creating Error 404 page

Helping lost visitors? Sometimes a link you provided may end up at a 404 page, or a visitor may have typed a wrong URL that doesn’t lead to a valid page on your site. To help your visitors, you can use the .htaccess file (on Apache servers) to redirect all such requests to a special page that is more useful than the plain “404 File Not found” error.

You can add this one line to the .htaccess file (create the file if it doesn’t exist):

 

ErrorDocument 404 /web404.html

This will redirect all requests for files not found in that directory and its subdirectories to web404.html.
On that page you can provide user with:

So yesterday I added a 404 page for my website: Check it out

I have also added similar functionality to my WordPress blog. To set up a 404 error page on WordPress, follow this well-compiled article: Creating an Error 404 Page

Interesting read: Creating User Friendly 404 Pages

View page source trick in firefox, flock

You may have read about Firefox’s special about: pages like about:config, about:cache etc., or you can go through Firefox about: pages to get an idea of them. There is a similar feature in Firefox that lets you view the source of a page. You can type

view-source:http://www.google.com/

in the location bar to view the page source of google.com.
So I have made this bookmarklet to view page source: View Source (you can drag it to your bookmarks toolbar for quick access).

Similarly, you can type javascript: in your location bar to open the JavaScript error console.

Update1:
Key Board Shortcut: Use Ctrl+U to view page source

Related Post:
Firefox About Pages
Little tweaks with javascript : Bookmarklets.
Open webpages in sidebar

Cross-site Scripting (XSS)

Two days back, my shoutbox was hacked :). I was not aware that people were actually visiting it; I made it long back, in June 2005, to have a similar thing for Ethos. After that I hadn’t updated the code, and many things were left half done.

What actually happened: cross-site scripting. It arises when we let a user input some data (which may be HTML/JavaScript) and display it back. If HTML/script tags are not properly checked, this can cause trouble. Earlier I hadn’t checked for JavaScript or iframe inputs, so somebody just inserted an iframe as the message input in my shoutbox. The source of the iframe contained a redirection to another website, so when the shouts were displayed on the page, the iframe code was output as is and the page got redirected to the other site.

Luckily, I checked the page just a day after this happened, so I actually got a chance to update this orphaned code and make some fixes.

Solution: the idea is to filter meta characters such as <, >, ', " etc. This prevents the browser from processing them as part of a script; they will be processed as plain text only.
In PHP you can do:

$shout = str_replace("<", "&lt;", $_GET["shout"]);

And to be on safer side we should also replace following characters:

replace ( with &#40;
replace ) with &#41;
replace & with &amp;
replace ' with &#39;
replace " with &quot;

Or, if you are not expecting the user to input these characters, you can simply replace them with an empty string.

Update: (25-apr-2008)
You can also use the PHP functions htmlspecialchars, htmlentities and strip_tags.

The replacements I have mentioned above can easily be done using htmlspecialchars, but if you want to extend it to all HTML tags then you can use htmlentities. And to strip both HTML and PHP tags from a string you can use strip_tags. The disadvantage of strip_tags is that it doesn’t validate HTML, so it can cause trouble in the case of broken HTML tags. It also gives you the option to exclude a list of tags from being stripped.
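
The replacement list and the htmlspecialchars / strip_tags options above, side by side on a few shouts. This is an added example, not the shoutbox's actual code; encode_shout(), encode_manual() and the sample inputs are constructed for illustration.

```php
<?php
// Added example: encode a shout at the point where it is written into the page.

function encode_shout(string $raw): string
{
    // ENT_QUOTES encodes both ' and "; the charset should match the page's.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning
    // an empty string for the whole shout.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hand-rolled version of the replacement list above. str_replace() applies
// the pairs in array order, so "&" has to come first; otherwise the "&" of
// an entity produced by an earlier pair would be encoded a second time.
function encode_manual(string $raw): string
{
    return str_replace(
        ['&', '<', '>', '"', "'", '(', ')'],
        ['&amp;', '&lt;', '&gt;', '&quot;', '&#39;', '&#40;', '&#41;'],
        $raw
    );
}

// Constructed sample shouts.
$samples = [
    'Hello & welcome!',
    '<iframe src="http://example.invalid/"></iframe>', // markup submitted as a shout
    "it's <b>bold</b> (really)",
    '<b>unclosed <i tag',                              // broken markup, the strip_tags caveat
];

foreach ($samples as $raw) {
    echo "input:            ", $raw, PHP_EOL;
    echo "htmlspecialchars: ", encode_shout($raw), PHP_EOL;
    echo "manual replace:   ", encode_manual($raw), PHP_EOL;
    echo "strip_tags:       ", strip_tags($raw), PHP_EOL, PHP_EOL;
}
```

Run it from the command line with php to compare the three outputs; in the shoutbox itself the encoding call belongs where the stored shout is echoed into the HTML.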

So now you can enjoy the Shout Box until some new bug is found or it’s hacked again [;)]

Related post:
SQL Attacks: Hacking (SQL injection)

Update(14th May 2008): XSS cheatsheet by ha.ckers.org lists possible cross site scripting methods on various browsers.

My Del.icio.us Toolbar 2.0

Yesterday I was working late at night, till 3 AM, to update my extension ‘My Del.icio.us Toolbar’, which I made long back in October 2006. The reason was to make it work with newer versions of Firefox. But then I added some new features too:

Try My Del.icio.us 2.0 (Right now you may have to login to access the extension as it’s in Sandbox.)

I also noticed that Mozilla has redesigned the extension page. They have also added a nice statistics dashboard for extensions, which provides a graphical representation of the number of downloads, active daily users etc. I was surprised to see that the older version of My Del.icio.us has reached a total of 11,200 downloads (not that big a number, but still surprising for me) and around 1000 active users.

Try My Del.icio.us 2.0 and provide feedback.

Also Try: Del.icio.us SearchER