Improved validation of Hatena Star

We have just made modifications to Hatena Star making it more difficult to add Stars without a Hatena Star code.

In the past, Stars were sometimes added unintentionally just by accessing a page in order to add a Star to an image tag for example. With today’s modification, an exchange of an encrypted character string will be required for each session, making it more difficult to add Stars unintentionally.

If you already have Hatena Star installed on your blog, you don’t have to make any changes.

Even with this modification, unintentional Stars can still appear when a script is intentionally entered in a JavaScript enabled environment. However, this problem will no longer occur on Hatena Diary and Groups because JavaScript cannot be entered in these environments.

We want you to be able to easily use Hatena Star on a variety of external blogging sites. For this reason, we have enabled adding Stars with a GET request. We are unable to limit it to only POST requests. We will continue to improve our system while trying to maintain a balance between security, openness and simplicity of use.