
Tom Scott
How The Self-Retweeting Tweet Worked: Cross-Site Scripting (XSS) and Twitter
S4 • E63 Jun 11, 2014 6m
It should never have happened. Defending against cross-site scripting (XSS) attacks is Web Security 101. And yet, today, there was a self-retweeting tweet that hit a heck of a lot of people - anyone using Tweetdeck, Twitter's "professional" client. How did it work? Time to break down the code.
