W3C home > Mailing lists > Public > www-tag@w3.org > June 2009

Unsafe GET becoming more popular?

From: <noah_mendelsohn@us.ibm.com>
Date: Mon, 15 Jun 2009 13:02:47 -0400
To: www-tag@w3.org
Message-ID: <OF39D1E0B1.577BBAD8-ON852575D6.005CBB46-852575D6.005D51B8@lotus.com>
For several years, the canonical example of applications causing unsafe 
GETs were emails with confirmation links, as in an email that says "click 
here to confirm your magazine subscription."  Although this is clearly a 
violation [1] of Web architecture and in particular the HTTP specification 
[2], one could argue that in practice damage was limited by the fact that 
offending links occurred in emails, that most of those emails would be 
unlikely to be managed by the sorts of tools that would aggressively 
prefetch the links (though some email readers do this when preparing to go 
into "travel mode"), I think.

Anyway, it seems the trouble is getting worse.  I just noticed the Twit 
[3] from JetBlue.  It says:

        "Wisdom of crowds time
        What's your favorite JetBlue
        snack http://tr.im/jbsnacks:
        Blue Chips (1) or Munchies
        Mix (2) ? http://tinyurl.com/d4gjww"

It's not 100% clear that votes are being tallied based on the link you 
click, but it seems implicit in the "wisdom of crowds" leadin.  I suppose 
that if the Google crawler finds this particular Twit, it will cast one 
vote for each snack, and move on.


[1] http://www.w3.org/2001/tag/doc/whenToUseGet.html#safe
[2] http://www.ietf.org/rfc/rfc2616.txt
[3] http://twitter.com/JetBlue/statuses/2178983316

Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
Received on Monday, 15 June 2009 17:01:34 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:33:02 UTC