
re: My All-Time Favorite Demonstration of a Cross-Site Scripting Attack

re: The heart is the most important part of this. The XSS attack wouldn't work without it. I think it had to do with the way TweetDeck escaped HTML.
 

You're right, the heart emoji was integral to the attack. If I recall correctly, a new escaping mechanism for how emoji were handled was deployed and caused the XSS vulnerability.
