Mozilla Home Dash — love this experiment in rethinking the browser from Mozilla. They call it a “browse-based browser” as opposed to “search-based browser” (hello, Chrome). Made me realize that, with Chrome, Google’s achieved a 0-click interface to search–you search without meaning to as you type in URLs, you see advertising results without ever having visited a web site.
XSS Prevention Cheat Sheet (OWASP) — HTML entity encoding doesn’t work if you’re putting untrusted data inside a script tag anywhere, or an event handler attribute like onmouseover, or inside CSS, or in a URL. So even if you use an HTML entity encoding method everywhere, you are still most likely vulnerable to XSS. You MUST use the escape syntax for the part of the HTML document you’re putting untrusted data into. That’s what the rules below are all about. (via Hacker News)