How The Self-Retweeting Tweet Worked: Cross-Site Scripting (XSS) and Twitter

610,709 views

Published on Jun 11, 2014

http://tomscott.com - http://twitter.com/tomscott - It should never have happened. Defending against cross-site scripting (XSS) attacks is Web Security 101. And yet, today, there was a self-retweeting tweet that hit a heck of a lot of people - anyone using Tweetdeck, Twitter's "professional" client. How did it work? Time to break down the code. (Remember the old Myspace worms? They worked the same way.)

THE SELF-RETWEETING TWEET: https://twitter.com/derGeruhn/status/...
