RPO or rXSS http://www.thespanner.co.uk/2014/03/21/rpo/ my greatest ever find. Lovely design flaw.
@garethheyes I think what @lcamtuf meant is that `/public` is a root-relative URL which wouldn’t have the issues you describe.