More proof that web apps are impossible to secure. Great++ response from the Yahoo sec team though (10k reward): https://klikki.fi/adv/yahoo.html
@attrc it's nice that they didn't need months to fix a critical XSS, but I don't see what's "Great++" about 11 days response time
@attrc about their filter approach: e.g. "<b><s>...</b></s>", while harmless, still goes through unchanged. it isn't DOM-based.