If you want to build a "secure" webmail system, you may not want to execute scripts in emails: http://vimeo.com/99599725
@dmix it's an absurdly trivial reflective XSS, and the most obvious one you should avoid in any webmail system, let alone a "secure" one...
@bascule shows some scary priorities by the devs. Getting PoC for mainstream media coverage before XSS 101