@skeptic_fx @insertScript @soaj1664ashar But is the link x-domain? Same origin the filter ignores
-
-
@avlidienbrunn@superevr@skeptic_fx@garethheyes@insertScript@soaj1664ashar another example with delay! http://pastebin.com/NiAPDcgK -
@irsdl@avlidienbrunn@superevr@skeptic_fx@insertScript@soaj1664ashar This is known for ages there is an exception for same origin urls -
@garethheyes@soaj1664ashar it is not really SO. 0me.me is sending it to sdl.me. Google Chrome AntiXSS works correctly. -
@irsdl@soaj1664ashar All you've done is replaced a double encoded vector with a redirect. Chrome AntiXSS doesn't have a same origin except
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.