I wanted to show you guys a little bit of code I inserted into an online job application I filled out this morning:
<style="font-size:0px" Hey, if you see this text, you should
know that I'm a pretty special candidate. Can you make sure
you let the hiring manager know? Anyway, shoot me an email if
you see this, ok?>
I was surprised that I could edit the source code of the system's paste-in resume block, but when I reloaded the page, the text was still in there. I'm hopeful that someone will at least see it and get a good chuckle.
Or, and more importantly, I also hope it will make the site's administrator aware of the potential security concern this creates. A few choice SQL commands dropped into this form would really mess up his day. And probably a lot of other people's. I didn't do that because I'm not a jerk. But trust me, there are a lot of jerks out there.
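As an added illustration of the two defenses the concern above calls for (this is constructed example code, not code from the post or from the job site): a Python sketch of a resume form back end that stores the pasted text with a parameterized query and HTML-escapes it on output, so pasted markup is shown literally and SQL syntax in the text stays inert data. The table layout and the two sample resumes are assumptions made for the example.

```python
import html
import sqlite3

# Constructed sample: markup of the kind the post describes pasting into the resume box.
HIDDEN_TEXT_RESUME = (
    "Jane Doe, Software Engineer\n"
    '<span style="font-size:0px">Hey, if you see this text, '
    "let the hiring manager know.</span>"
)
# Constructed sample: resume text containing SQL syntax, which must be stored as inert data.
SQLISH_RESUME = "Bob'; DROP TABLE applications; --"


def open_store():
    """Create an in-memory applications table (stand-in for the hypothetical site's database)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE applications (id INTEGER PRIMARY KEY, resume TEXT NOT NULL)")
    return conn


def save_resume(conn, resume_text):
    """Store the pasted resume with a parameterized query, never by string concatenation.
    The driver passes the value separately from the SQL text, so quotes and semicolons
    inside it are data, not commands."""
    cur = conn.execute("INSERT INTO applications (resume) VALUES (?)", (resume_text,))
    conn.commit()
    return cur.lastrowid


def render_resume(conn, app_id):
    """Render a stored resume for the hiring manager's review page.
    html.escape turns '<', '>', '&' and quotes into entities, so any markup the
    applicant pasted is displayed as text instead of being interpreted by the browser."""
    row = conn.execute("SELECT resume FROM applications WHERE id = ?", (app_id,)).fetchone()
    return '<pre class="resume">' + html.escape(row[0], quote=True) + "</pre>"


def table_exists(conn, name):
    """Check that a table survived: used here to show the SQL-looking resume did nothing."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = open_store()
    first = save_resume(db, HIDDEN_TEXT_RESUME)
    second = save_resume(db, SQLISH_RESUME)
    print(render_resume(db, first))
    print(render_resume(db, second))
    print("applications table intact:", table_exists(db, "applications"))
```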
I'll update this post if I get an email from anyone about this. But I know I won't. Trust me, I've been on corporate teams that built this kind of garbage, and even if (and that's usually a pretty big if) someone on the team was well aware of the potential security risk, the rest of the team either downplayed it, didn't believe it, or blew it off.