X-Content-Type-Options: nosniff – Giant Geek Blog
To prevent XSS/CSRF exploits in MSIE8 and newer, it’s often best to close as many attack vectors as possible. An easy one to implement is an HTTP Header to prevent MSIE from “sniffing†the content to change it when incorrect. Example: we would not want an HTML page intentionally served with ‘text/plain’ to be rendered as HTML. X-Content-Type-Options: nosniff Content-Type: text/plain This could be
InfoQ: HTML 5 Web Sockets vs. Comet and Ajax
World Wide Webã¯90年代åŠã°ã«æ€¥é€Ÿã«æˆé•·ã—ã€æƒ…å ±åˆ†æ•£ã®ä¸€ç•ªã®æ‰‹æ®µã¨ãªã£ãŸã€‚ãã—ã¦ãƒ–ラウザãŒãƒ¦ãƒ“ã‚タスã«ãªã‚Šãƒ¦ãƒ¼ã‚¶ãŒãれを使ã†ã“ã¨ã«æ…£ã‚Œã¦ãã‚Œã°ã€æ´å²ä¸Šã®ã©ã‚“ãªãƒ—ラットフォームã®ãƒ¦ãƒ¼ã‚¶æ•°ã‚ˆã‚Šã‚‚多ã„ユーザãŒåˆ©ç”¨ã™ã‚‹ã‚¢ãƒ—リケーションプラットフォームã«ãªã‚‹ã“ã¨ã¯æ˜Žã‚‰ã‹ã 。ã—ã‹ã—今ã¯HTMLã‚„HTTPãªã©ã®æ¨™æº–ãŒã€é«˜åº¦ãªã‚¤ãƒ³ã‚¿ãƒ©ã‚¯ã‚·ãƒ§ãƒ³ã‚„優れãŸãƒ¦ãƒ¼ã‚¶ã‚¨ã‚¯ã‚¹ãƒšãƒªã‚¨ãƒ³ã‚¹ã¨ã„ã£ãŸè€ƒãˆæ–¹ã‚’元々ã®è¨è¨ˆæ€æƒ³ã«æŒã£ã¦ãªã„ãŸã‚ã€ã¾ã ãã®æ®µéšŽã«ã¯è‡³ã£ã¦ã„ãªã„。多機能ãªã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¢ãƒ—リケーションをæä¾›ã—よã†ã¨ã™ã‚‹åˆæœŸã®å–り組ã¿ã®ã„ãã¤ã‹ã¯ã€Microsoftã®Exchangeエンジニアãƒãƒ¼ãƒ ã§ã•ã‚Œã¦ã„ãŸã€‚ã“ã®ãƒãƒ¼ãƒ ã¯ãƒ¡ãƒ¼ãƒ«ã‚µãƒ¼ãƒã®ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ã‚’Outlookã«ä¼¼ãŸã‚‚ã®ã«ã™ã‚‹ãŸã‚ã«96å¹´ã‹ã‚‰IFrameè¦ç´ を使ã£ã¦ã„ãŸã€‚当時ã¯ãã‚ŒãŒå¿œç”性や全般的ãªãƒ¦ãƒ¼ã‚¶ã‚¨ã‚¯ã‚¹ãƒšãƒªã‚¨ãƒ³ã‚¹ã‚’妨ã’ã‚‹ã‚‚ã®ã«ãªã£ã¦ã„ãŸãŒã€ã—ã‹ã—æ¥
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}