onfocus

In January I posted about a peculiar problem between this site and Bloglines: Bloglines filtering. Basically, Bloglines filters out the word "onfocus" from links to avoid cross-site scripting (XSS) attacks. The filter isn't smart enough to realize that "onfocus.com" is perfectly ok, and not a threat. This means that anytime someone links to my site, or I link to images on my site, the Bloglines filter changes the domain from onfocus.com to nofocus.com. When people click on a link to my site within Bloglines, they get a 404 error page at nofocus.com. (System administrators over at nofocus.com must wonder why they get some strange 404 errors showing up in their logs.)

Anyway, I've emailed Bloglines about the problem several times and now I'm getting silence. I don't blame them, this is an obscure issue that only affects one of the millions of sites that flow through their system. But it still bugs me, so I wrote a quick Greasemonkey script to solve the problem. If you use Bloglines and Firefox and Greasemonkey, I encourage you to install this script: fix-bloglines-onfocus.user.js. (Of course, if you're reading this from within Bloglines, you'll need to visit onfocus.com directly to get the script.) The script changes any instance of "nofocus.com" to "onfocus.com". This script is as blunt as Bloglines' XSS filter, but it's my attempt to fix the issue from this end.

Many thanks to Mark Pilgrim for his Greasemonkey Patterns—it's a great resource for building scripts.

Update: Bloglines fixed their XSS filter.