skimming the latest TweetDeck update src code - was the XSS due to broken emoji parsing? :O
@bcrypt My guess:
if (containsEmoji(tweet)) {
  return replaceEmojiSymbolsWithImgTags(tweet);
} else {
  return htmlEscape(tweet);
}
@mathias though it looks more like tweet = containsEmoji(tweet) ? replaceEmojiAndSomehowUnescapeHTML(tweet) : tweet
@bcrypt Wow. Nice work! (Of you, not @TweetDeck)
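
The branch guessed in the thread above, next to a hardened ordering, as an added example that is not part of the conversation and is not TweetDeck's code. The function bodies, the emoji range, the `/emoji/` image path and the sample tweet are assumptions made for illustration.

```javascript
// Added example. Function names echo the pseudocode in the thread;
// every body here is an assumption, not TweetDeck's implementation.

// Small illustrative emoji range (misc symbols/dingbats plus astral pairs).
const EMOJI = /[\u2600-\u27BF]|[\uD83C-\uD83E][\uDC00-\uDFFF]/g;

function htmlEscape(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

function containsEmoji(s) {
  // Fresh non-global regex so .test() carries no lastIndex state.
  return new RegExp(EMOJI.source).test(s);
}

// Hypothetical image path; the alt text is the emoji character itself.
function emojiToImg(ch) {
  const cp = ch.codePointAt(0).toString(16);
  return `<img class="emoji" alt="${ch}" src="/emoji/${cp}.png">`;
}

// Guessed shape of the bug: the emoji branch returns markup built from
// the raw tweet, so escaping only happens when no emoji is present.
function renderVulnerable(tweet) {
  if (containsEmoji(tweet)) {
    return tweet.replace(EMOJI, emojiToImg);
  } else {
    return htmlEscape(tweet);
  }
}

// Hardened ordering: escape every tweet first, then substitute emoji in
// the already-escaped string. Only renderer-generated <img> tags are markup.
function renderHardened(tweet) {
  return htmlEscape(tweet).replace(EMOJI, emojiToImg);
}

// Constructed sample input: harmless markup followed by one emoji.
const sample = '<b>hi</b> \u2665';
console.log(renderVulnerable(sample)); // <b> survives unescaped
console.log(renderHardened(sample));   // <b> arrives as &lt;b&gt;
```

A regression test for a renderer like this should always include an input that mixes markup with an emoji, since either one alone passes through the safe path.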