2009 Nov 17, 6:52
"What if there was a backwards compatible way to transfer all of the resources that are used on every single page in your site — CSS, JS, images, anything else — in a single HTTP request at the start of the first visit to the page? This is what Resource Package support in browsers will let you do." Another resource packaging implementation, but this suggests they'll actually implement this in Firefox. One issue with all of these is that you can't use the resources from the package in any context that didn't ask to use the package, for fear of security issues, which means you can't stick the packaged resources in your HTTP cache. The package itself could go in the cache, which would mean multiple packages per page or all your page's resources in one package. Of course, the same security issues are a concern for all of the packaging proposals if a site has any way to inject the request for the package into the source. It'd be a similar vector to the UTF-7 XSS issues but a much worse attack.
Tags: security web browser http zip firefox resource technical via:kris.kowal
2008 May 2, 1:55
Avoid sniffing using the HTTP range header: "...if we have an application...which protects against FindMimeFromData XSS attacks by searching the first 256 bytes for certain strings, then we can simply place our strings after the first 256 bytes and get Fl
Tags: via:swannman http http-header range xss security
2008 Jan 21, 12:25
The line 'pick it up' finally making some sense. FTA: "...We recently saw an episode featuring this terrific ska cartoon about picking up after yourself.... the catchy tune is performed by ska musicians GOGO13 and Hepcat's Alex Desert."
Tags: humor video ska music yo-gabba-gabba pick-it-up