Here markup is stolen, nonce is extracted, then injected. The mitigation wouldn't work here I think.
Replying to @molnar_g @randomdross and
why? It seems like that proposal addresses Sebastian's concern for this PoC
Replying to @sirdarckcat @molnar_g and
For the second PoC it would work, but I think gabor is referring to the first one.
Replying to @slekies
: But it would be really nice to have a clever way of breaking dangling markup...
@sirdarckcat @molnar_g @randomdross @arturjanc
make browser close prev tag when it finds "<" in attr name? Is there any
Replying to @avlidienbrunn @mikewest and
legit use case with tags in attr name?
Replying to @avlidienbrunn @mikewest and
ohh sorry. I misread your message. You are right, that isn't useful.
Replying to @sirdarckcat @avlidienbrunn and
but that behavior would make some XSS possible that today aren't.