CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc @sirdarckcat, @mikewest, @arturjanc)
-
yep. I really wish it was perfect