You need to be logged in to carry this out. If you don't have an account, feel free to create one. |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. |
Warnings About The Security Of Embedding Feeds In Your SiteEmbedding a feed from talks.cam into your site carries some risks. Please be sure that you understand them:
Even then, because the content of talks.cam is mainly provided by users, you must trust that they have not found any exploits in our cross site scripting protection that would allow them to run arbitrary code on your pages. (This would be a violation of their terms of use, so we hope no-one will try to do it, and any such attempts would be sanctioned severely.) In detail: You must trust talks.camEach time someone visits a page on your that contains an embedded feed a set of javascript code is loaded. This code could be used to alter any of the content on the page that your visitor sees, or to take a copy of any cookies you have stored on that user’s computer. We won’t do this of course. But you will have to trust us. You must set the character encodingQuoted from Jon Warbrick:
Character encoding is set on your webserver. Consult its documentation for details. An escaping problemMarkus Kuhn has pointed out that the javascript feed we provide does not provide sufficient escaping of:
This may cause problems. A fix is being worked on. Questions and commentsIf you have questions about these warnings, or if you spot other possible vulnerabilities, please contact us. Thank you for Jon Warbrick of the Computing Service for identifying these problems, and separate problems involving vulnerabilities to cross site scripting attacks. |