An info-graphic on Flickr recounts the cautionary tale of the Conservative Party’s experiment in social media. They aggregated the #cashgordon tag, so that messages from Twitter with this tag would appear on their own site. The disaster that resulted was made possible by three technical errors:
- They didn’t filter content: anyone could use Twitter and the hashtag to write whatever text they wanted on the Conservative site.
- They didn’t filter out markup: users could style the content of messages how they wanted, e.g. 48 point high and they could embed images of their choice (including spoofs of the Conservative poster campaign).
- They didn’t filter out JavaScript: users could insert a script redirecting the whole site to Labour, Rickroll or porn, which they promptly did.
Code injection is something any developer should consider when building one of these services, and surely most do, but it’s nice to have a periodic reminder of what can go wrong when you miss out the necessary one or two lines of code.