More proof that web apps are impossible to secure. Great++ response from the Yahoo sec team though (10k reward): https://klikki.fi/adv/yahoo.html
Replying to @tehjh
@attrc have you seen some of the Yahoo bug reports on hackerone? this is just ridiculous. https://web.archive.org/web/20140401014825/https://hackerone.com/reports/2127
@attrc about their filter approach: e.g. "<b><s>...</b></s>", while harmless, still goes through unchanged. it isn't DOM-based.
11:41 AM - 23 Jan 2016