"XSS enables attackers to inject client-side scripts into web pages viewed by other users." Meh, boring topic.
Users of most apps can't be owned by someone hacking Google/FB and replacing "Like"/GA JS.
-
-
Are you saying GA/FB/Omniture/Doubleclick/… cross-origin scripts are sandboxed?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Rather, the app itself likely has "regular" XSS and can be exploited by anyone on the web.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.