An info-graphic on Flickr recounts the cautionary tale of the Conservative Party’s experiment in social media. They aggregated the #cashgordon tag, so that messages from Twitter with this tag would appear on their own site. The disaster that resulted was made possible by three technical errors:
- They didn’t filter content: anyone could use Twitter and the hashtag to write whatever text they wanted on the Conservative site.
- They didn’t filter out markup: users could style the content of messages how they wanted, e.g. 48 point high and they could embed images of their choice (including spoofs of the Conservative poster campaign).
- They didn’t filter out Javascript commands: users could insert a command redirecting the whole site to Labour, Rickroll or porn, which they promptly did.
Code-injection is something any developer should consider when building one of these services, and surely most do, but it’s nice to have a period reminder of what can go wrong when you miss out the necessary one or two lines of code.
The Ancient Geeks 
March 23, 2010 at 7:59 pm
[…] After all, as Martin Poulter has recently pointed out on his Ancient Geeks blog in a post on The dark side of aggregating tags the Conservative Party’s experiment in social media fell foul of, presumably, left-of-centre […]