The actual app is pretty well XSS-proofed.

But, unfortunately if you go to this link...

    http://twich.me/<script>alert(document.cookie);</script>
(had to stick it in code block because HN auto marks it as spam)



Ah, alas, I stand corrected. That's a 10-second one. I didn't do much more than a 10-second pass; that's usually sufficient.


Unfortunately there was also another one in the YouTube embedding feature; took half an hour to find :)



