Comments on: Twitter misidentifying context http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: brain[pillow] http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/#comment-1683 brain[pillow] Thu, 14 Jan 2010 04:50:17 +0000 http://www.thespanner.co.uk/?p=552#comment-1683 A little bit another vector: http://search.twitter.com/search?q=%26%2339%3B)%3Balert(%26%2339%3Bxek%26%2339%3B)%3B%2F%2F A little bit another vector:

http://search.twitter.com/search?q=%26%2339%3B)%3Balert(%26%2339%3Bxek%26%2339%3B)%3B%2F%2F

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/#comment-1645 Gareth Heyes Wed, 25 Nov 2009 14:06:41 +0000 http://www.thespanner.co.uk/?p=552#comment-1645 @Mathias Yeah it executes alert(1) a couple of times, you're probably using IE and so it won't work as I use ' but if you use Firefox it will work when you click the "Tweet these results" it could work on other browsers using the alternative entities I mentioned in the post @Mathias

Yeah it executes alert(1) a couple of times, you’re probably using IE and so it won’t work as I use ' but if you use Firefox it will work when you click the “Tweet these results” it could work on other browsers using the alternative entities I mentioned in the post

]]> By: Mathias Bynens http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/#comment-1644 Mathias Bynens Wed, 25 Nov 2009 13:11:24 +0000 http://www.thespanner.co.uk/?p=552#comment-1644 Great post. Is the “Twitter poc (don’t tweet these results)” link supposed to alert something? Cause it’s not doing anything special over here. Perhaps WordPress ate parts of the URL or something? Great post.

Is the “Twitter poc (don’t tweet these results)” link supposed to alert something? Cause it’s not doing anything special over here. Perhaps WordPress ate parts of the URL or something?

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/#comment-1643 Gareth Heyes Wed, 25 Nov 2009 12:34:29 +0000 http://www.thespanner.co.uk/?p=552#comment-1643 @James Yep exactly @James

Yep exactly

]]> By: James http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/#comment-1642 James Wed, 25 Nov 2009 12:29:13 +0000 http://www.thespanner.co.uk/?p=552#comment-1642 Another reason not to use inline event handlers. Another reason not to use inline event handlers.

]]> By: c http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/#comment-1638 c Mon, 23 Nov 2009 16:10:40 +0000 http://www.thespanner.co.uk/?p=552#comment-1638 Two good posts today. I've got about a day of security reviews for our web apps now. More interesting than whatever the fuck I would have been doing, though. Two good posts today. I’ve got about a day of security reviews for our web apps now. More interesting than whatever the fuck I would have been doing, though.

]]>