This is a glorious story from a few years ago. If you haven't read about it before, I'm about to tell you. If you already know about this, I sugges...
The heart is the most important part of this. The XSS attack wouldn't work without it. I think it had to do with the way TweetDeck escaped HTML.
literally a heart attack
You're right, the heart emoji was integral to the attack. If I recall correctly, a new escaping mechanism for how emoji were handled was deployed and caused the XSS vulnerability.
< script >alert('Hello XSS')</ script >
The heart emoji caused the HTML filter to break.
How many angry emails do you think the TweetDeck creators got that day? hmmmm
I think they got many upon many of them ^^
Awesome! 😂
I never knew about this, ha! Retweets were made for XSS ;)
Born for each other.
Love it. Great post!
Thanks!
Well, without jQuery it wouldn't have been so easy to fit it in a tweet. But yeah, this is pretty cool :>
you can still call and execute an external script...