@avlidienbrunn Can you explain how to XSS in <link> injection if < and > are disallowed?
-
-
-
If it's a stylesheet, you can use onload/onerror. Otherwise, there might be first/third-party gadgets you can use (https://gistpreview.github.io/?6f0aaca8caf0ff8375673f09607d7fec/test.html … for bootstrap example)
-
Or rel=import href=data: on chrome
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.