This has been demo'd a long time ago already [1], and it seems they haven't done... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Seldaek on June 24, 2010 \| parent \| context \| favorite \| on: Persistent XSS on Twitter.com This has been demo'd a long time ago already [1], and it seems they haven't done anything yet ? Wtf. [1] http://www.davidnaylor.co.uk/massive-twitter-cross-site-scri...

b3n on June 24, 2010 | [–]

It was fixed, but now it's back again...

> The problem is similar to one described last August by James Slater. That time around the issue was with the application URL, this time it appears the application name is the issue.

fname on June 24, 2010 | | [–]

EDIT: nevermind.. you're right. WTF is right.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact