@0x6D6172696F Like if it strips <script>, you do <img onerror="alert<script>(1)" src=x>. should bypass chrome's filter afaik
@0x6D6172696F Well, depends - if there's a broken server-side XSS filter, you can probably use that to bypass the client-side one?
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.