On Thu, Jun 4, 2009 at 10:19 AM, David Gerard dgerard@gmail.com wrote:
Keeping well-meaning admins from putting Google web bugs in the JavaScript is a game of whack-a-mole.
Are there any technical workarounds feasible? If not blocking the loading of external sites entirely (I understand hu:wp uses a web bug that isn't Google), perhaps at least listing the sites somewhere centrally viewable?
Restrict site-wide JS and raw HTML injection to a smaller subset of users who have been specifically schooled in these issues.
This approach is also compatible with other approaches. It has the advantage of being simple to implement and should produce a considerable reduction in problems regardless of the underlying cause.
Just be glad no one has yet turned english wikipedia's readers into their own personal DDOS drone network.