So, internet: can we agree to kill the navigate-to-a-string side-effects of `<a href="javascript:'Hi!'">click</a>`? It's nuts, right?
-
-
Replying to @mikewest
yes, please kill this!!! I saw many XSSes caused by this behavior.
1 reply 0 retweets 2 likes -
Replying to @slekies
: And now you know why I'm looking at this behavior. :)
1 reply 0 retweets 0 likes -
Replying to @mikewest
<a href="javascript:location.href=location.href">refresh</a> is vulnerable to XSS.
2 replies 2 retweets 4 likes -
We would be really sad to see <a href="javascript:name"> go. So useful!
2 replies 0 retweets 1 like
Replying to @cure53berlin @mikewest
should just send a "which browser features do you like" poll to pentesters, then kill anything they list. @cure53berlin @slekies
12:38 PM - 29 Sep 2016
0 replies
0 retweets
2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.