#TIL <link rel=import href=foo> works on innerHTML. AFAIK it's the only non-event-based XSS sink. Is it?
-
@avlidienbrunn with CSP, otherwise it's not fun! :-)