skimming the latest TweetDeck update src code - was the XSS due to broken emoji parsing? :O
-
-
Replying to @bcrypt
Mathias Bynens Retweeted Mathias Bynens
@bcrypt It might have been their replacing emoji with <img> that enabled it.https://twitter.com/mathias/status/476825142488989698 …Mathias Bynens added,
1 reply 0 retweets 1 like
Replying to @bcrypt
@bcrypt Wow. Nice work! (Of you, not @TweetDeck
)
12:26 AM - 12 Jun 2014
from Dendermonde, België
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.