PSA: Don’t use `textContent`/`innerText` or `createTextNode` to strip or escape HTML. http://benv.ca/2012/10/4/you-are-probably-misusing-DOM-text-methods/ … #xss
@bdc @jedschmidt The problem is it’s easy to make a mistake when building HTML strings and end up with a security vulnerability.
-
-
@mathias@jedschmidt I see :) Thanks!Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.