Browsers (tested Chrome, FF) are a lot more forgiving on Content-Type headers than I thought: http://avlidienbrunn.com/test.php?eval=alert(1%29 … #contenttype #fiddle
@avlidienbrunn <object> tag is more strict it seems, but still allows stuff after: http://avlidienbrunn.com/test_object_type.php …
7:19 AM - 13 Jul 2015
0 replies
0 retweets
6 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.