@avlidienbrunn very interesting, does this work across browsers? @homakov
@homakov @lavakumark Empty Location header + Content-Type: text/html works though, so in Location is still possible (sometimes)
@lavakumark Opera+Chrome. @homakov payload could look like %0a%0dContent-Type: text/html%0a%0d%0a%0d<xss>. You're right though, it's very rare