@rafaybaloch Please see this now: http://demo.mineuk.com/ (A message has been added for clarification).
Replying to @soaj1664ashar
@soaj1664ashar <script>alert(1);</script> still changes to [removed]alert(1);[removed]
Replying to @rafaybaloch
@rafaybaloch Yes. This is the normal behavior. It is based on CodeIgniter and will do this if it finds `script`. https://github.com/GrahamCampbell/Laravel-Security/blob/1.1-wip/src/Classes/Security.php#L92 …
Replying to @soaj1664ashar
@soaj1664ashar Nice. Please let me know when it's up.
Replying to @rafaybaloch
@rafaybaloch It is up and running. You can test ... http://demo.mineuk.com/
Replying to @insertScript
@insertScript @soaj1664ashar So, we double HTML-encode the payload; the filter decodes it once and checks, but doesn't double-decode.
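The double-encoding bypass described in the reply above, as an added JavaScript model (not code from the demo site, CodeIgniter or Laravel-Security): a filter that entity-decodes its input exactly once and then neutralises `<script>` tags is fed the plain, single-encoded and double-encoded forms of the thread's `<script>alert(1);</script>` payload. The function names, the `[removed]` marker (taken from the earlier tweet) and the downstream consumer that decodes entities a second time are assumptions for illustration; a fixed-point decoding variant is included for comparison.

```javascript
// Added example, not code from the demo, CodeIgniter or Laravel-Security.
// A small JavaScript model of the single-decode filter behaviour described in
// the thread: entity-decode the input once, then neutralise <script> tags.
// Function names and the "[removed]" marker are assumptions for illustration.

const NAMED_ENTITIES = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };

// One pass of HTML entity decoding (named, decimal and hex numeric forms).
function decodeEntitiesOnce(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      const cp = parseInt(hex ? body.slice(2) : body.slice(1), hex ? 16 : 10);
      return Number.isFinite(cp) && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    const name = body.toLowerCase();
    return Object.prototype.hasOwnProperty.call(NAMED_ENTITIES, name)
      ? NAMED_ENTITIES[name]
      : match;
  });
}

// Model of the filter under discussion: decode exactly once, then check.
function filterDecodeOnce(input) {
  return decodeEntitiesOnce(input).replace(/<\/?script[^>]*>/gi, '[removed]');
}

// Hardened variant: decode until the string stops changing (bounded), then check.
function filterDecodeToFixedPoint(input, maxRounds = 5) {
  let current = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeEntitiesOnce(current);
    if (next === current) break;
    current = next;
  }
  return current.replace(/<\/?script[^>]*>/gi, '[removed]');
}

// Minimal HTML encoder used to build the single- and double-encoded payloads.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Constructed payload: the same one tested in the thread.
const PAYLOAD = '<script>alert(1);</script>';

// Run the encodings through both filters, plus a downstream consumer
// (assumed) that decodes entities once more before using the value as HTML.
function runCases() {
  const once = htmlEncode(PAYLOAD);
  const twice = htmlEncode(once);
  return {
    plain: filterDecodeOnce(PAYLOAD),
    singleEncoded: filterDecodeOnce(once),
    doubleEncoded: filterDecodeOnce(twice),
    doubleEncodedThenConsumerDecodes: decodeEntitiesOnce(filterDecodeOnce(twice)),
    doubleEncodedFixedPoint: filterDecodeToFixedPoint(twice),
  };
}

for (const [name, value] of Object.entries(runCases())) {
  console.log(`${name}: ${value}`);
}
```

The plain and single-encoded forms come out as `[removed]alert(1);[removed]`, exactly as reported earlier in the thread, while the double-encoded form passes the single-decode filter untouched as `&lt;script&gt;alert(1);&lt;/script&gt;` and turns back into a live script tag as soon as anything downstream decodes it again. Decoding to a fixed point closes this particular gap, but it also mangles legitimate text (a user who literally typed `&amp;lt;` loses it), which is one reason input-side stripping is a weak defence compared with context-aware output encoding at the sink.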
@rafaybaloch @insertScript @soaj1664ashar Here's another bypass: http://jsfiddle.net/LNR69/ :D
Replying to @avlidienbrunn
@avlidienbrunn Really nice :P (+@rafaybaloch @insertScript)