Swurl. A great service, but oh dear. XSS vulnerabilities.

By Paul Anthony

Just had a play around with Swurl, a great new service for aggregating your lifestream. They also let you create CNAME records to point to your own lifestream, and offer various customisations of the interface so it fits in with the look and feel of your blog. As I was looking for a way to aggregate all of this information into my WordPress blog, this offered a super solution.

However, now for the oh oh. I thought to myself that although this customisation is great, it probably leaves them open to all sorts of cross-site scripting attacks if the input isn't being properly sanitised, and it might be worth having a go to see whether I could adjust the CSS written into the page. Alas, putting the code below into the Advanced section of the site renders out the JavaScript.

Let's hope we see this patched up before they get stung by a malicious user: XSS can be used to redirect visitors to a look-alike site that asks for their passwords, or to steal their cookies. I've sent this along to the developers via Twitter so they can sort it out.
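As an added example, not Swurl's code and not part of the original post, here is the kind of check a service ought to run on a "custom CSS" field before dropping it into a `<style>` block. The function names, the list of forbidden constructs, the allowed `url()` schemes and the sample stylesheets are all my own assumptions about how such a customisation field might be validated; the point is that the text is checked both as the HTML tokeniser sees it (where a raw `<` can close the style element) and as the CSS parser sees it (after comments are removed and backslash escapes are decoded), because the two see different things.

```python
import re

# CSS escape forms a browser decodes before interpreting the stylesheet:
# "\65 " is 'e' (1-6 hex digits, optional trailing whitespace), "\X" is X.
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)", re.S)
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Constructs with no place in a theme stylesheet: each either runs script in
# some browser, breaks out of the <style> element, or loads foreign content.
_FORBIDDEN = [
    ("angle bracket (can close the <style> element)", re.compile(r"<")),
    ("CSS expression()", re.compile(r"expression\s*\(", re.I)),
    ("javascript: URL", re.compile(r"javascript\s*:", re.I)),
    ("vbscript: URL", re.compile(r"vbscript\s*:", re.I)),
    ("@import", re.compile(r"@import\b", re.I)),
    ("behavior property", re.compile(r"behavior\s*:", re.I)),
    ("-moz-binding", re.compile(r"-moz-binding", re.I)),
]
_URL_ARG = re.compile(r"url\s*\(\s*['\"]?([^'\")]*)", re.I)
_ALLOWED_URL_SCHEMES = ("http", "https")  # assumption: relative paths also fine


class UnsafeCssError(ValueError):
    """Raised when user-supplied CSS contains a forbidden construct."""


def _decode_escapes(css: str) -> str:
    """Decode CSS backslash escapes the way a CSS parser would."""
    def repl(m):
        if m.group(1) is not None:
            code = int(m.group(1), 16)
            return chr(code) if code <= 0x10FFFF else "\ufffd"
        return m.group(2)
    return _CSS_ESCAPE.sub(repl, css)


def sanitize_custom_css(css: str, max_len: int = 20_000) -> str:
    """Return the CSS (comments stripped) if it is safe to embed in a <style>
    block, otherwise raise UnsafeCssError naming the offending construct."""
    if len(css) > max_len:
        raise UnsafeCssError("stylesheet too long")
    stripped = _CSS_COMMENT.sub("", css)  # defeats exp/**/ression tricks
    # Check the raw text (what the HTML tokeniser sees) and the escape-decoded
    # text (what the CSS parser sees); a payload may hide from either view.
    for candidate in (stripped, _decode_escapes(stripped)):
        for label, pattern in _FORBIDDEN:
            if pattern.search(candidate):
                raise UnsafeCssError(f"forbidden construct: {label}")
        for m in _URL_ARG.finditer(candidate):
            target = m.group(1).strip().lower()
            scheme, sep, _ = target.partition(":")
            if sep and scheme not in _ALLOWED_URL_SCHEMES:
                raise UnsafeCssError(f"disallowed url() scheme: {scheme}")
    return stripped


def is_safe_custom_css(css: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        sanitize_custom_css(css)
    except UnsafeCssError:
        return False
    return True


def render_theme_block_unsafe(custom_css: str) -> str:
    """The pattern the post describes: user text pasted straight into the page."""
    return f"<style>{custom_css}</style>"


def render_theme_block(custom_css: str) -> str:
    """Hardened form: only validated CSS reaches the page."""
    return f"<style>{sanitize_custom_css(custom_css)}</style>"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real site.
    samples = [
        "body { color: #333 } ul > li { margin: 0 }",
        "h1 { background: url(https://example.invalid/bg.png) }",
        "p { } </style><p>injected</p>",
        r"div { width: \65 xpression(1) }",
        "a { b: exp/**/ression(1) }",
        "@import url(https://example.invalid/x.css);",
        "h1 { background: url(data:text/html,x) }",
    ]
    for s in samples:
        try:
            print("accepted:", render_theme_block(s))
        except UnsafeCssError as e:
            print("rejected:", s, "->", e)
```

`render_theme_block_unsafe` is the vulnerable shape; `render_theme_block` is the drop-in replacement. A stricter service would go further and parse the stylesheet into an allowlist of properties, but even this check stops the style-context breakout and the legacy script-in-CSS vectors, and it does so before the text is stored, so a rejected submission never reaches another visitor's browser.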

