Let's see what happens when I insert a link for the image. Is the URL embedded directly, or will there be some safe handling to protect against request forgeries?
Chess.com handles this server-side: it fetches the image, re-uploads it to their content hosting server, and then points the image URL at that hosted copy rather than at the original link.
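The request-forgery checks that a server-side re-upload like the one just described needs are shown below. This is an added example written for this page, not Chess.com's code: the policy constants, the hostnames, the FAKE_DNS table, the FAKE_PNG bytes and the CDN_BASE origin are all constructed so it runs offline, and fetcher is a hypothetical callable that a real HTTP client would stand in for.

```python
import hashlib
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}            # policy values are assumed for this example
ALLOWED_PORTS = {80, 443}
MAX_BYTES = 5 * 1024 * 1024                    # refuse anything above 5 MiB
IMAGE_MAGIC = {                                # sniff the bytes; never trust Content-Type
    b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif", b"GIF89a": "gif",
}
CDN_BASE = "https://images.example.test/"      # hypothetical content-hosting origin


class UnsafeUrl(ValueError):
    """Raised when a user-supplied URL must not be fetched from the server."""


def _is_public(ip_text):
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:    # ::ffff:10.0.0.5 hides an IPv4
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_image_url(url, resolver=socket.getaddrinfo):
    """Return (host, [addresses]) if url may be fetched, else raise UnsafeUrl.
    resolver has socket.getaddrinfo's call/return shape so the checks can run offline."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise UnsafeUrl("credentials in URL")
    host = parsed.hostname
    if not host:
        raise UnsafeUrl("missing host")
    try:
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
    except ValueError:
        raise UnsafeUrl("malformed port")
    if port not in ALLOWED_PORTS:
        raise UnsafeUrl(f"port not allowed: {port}")
    try:                                       # literal address: no lookup needed
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:                         # hostname: judge what it actually resolves to
        try:
            addresses = sorted({entry[4][0] for entry in resolver(host, port)})
        except socket.gaierror:
            raise UnsafeUrl(f"cannot resolve {host!r}")
    blocked = [a for a in addresses if not _is_public(a)]
    if not addresses or blocked:               # one internal answer is enough to refuse
        raise UnsafeUrl(f"{host!r} resolves to non-public address(es): {blocked}")
    return host, addresses


def rehost_image(url, fetcher, store, resolver=socket.getaddrinfo):
    """Download via fetcher(url, address) -> bytes, verify it is an image, and save it
    under a content-addressed name on our own host. fetcher must connect to the
    validated address, not re-resolve the hostname, or DNS rebinding defeats the check."""
    _host, addresses = validate_image_url(url, resolver)
    data = fetcher(url, addresses[0])
    if len(data) > MAX_BYTES:
        raise UnsafeUrl("response too large")
    ext = next((e for magic, e in IMAGE_MAGIC.items() if data.startswith(magic)), None)
    if ext is None:
        raise UnsafeUrl("response is not a recognised image")
    name = f"{hashlib.sha256(data).hexdigest()}.{ext}"
    store[name] = data                          # served from our origin, never the user's URL
    return CDN_BASE + name


# Constructed stand-ins so the example runs without real DNS or HTTP.
FAKE_DNS = {
    "img.example.test": ["8.8.8.8"],
    "rebind.example.test": ["8.8.4.4", "10.0.0.5"],      # one public and one internal answer
    "meta.example.test": ["169.254.169.254"],            # cloud metadata address
}
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(64)

def fake_resolver(host, port, *_args):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port)) for ip in FAKE_DNS[host]]

def fake_fetcher(_url, _address):
    return FAKE_PNG

def is_rejected(url, fetcher=fake_fetcher, resolver=fake_resolver):
    """True if the pipeline refuses url; used to exercise the checks above."""
    try:
        rehost_image(url, fetcher, {}, resolver)
    except UnsafeUrl:
        return True
    return False
```

Calling rehost_image("https://img.example.test/avatar.png", fake_fetcher, {}, fake_resolver) returns a URL under CDN_BASE, while is_rejected() is true for file: URLs, loopback and link-local literals, IPv4-mapped IPv6 literals, non-standard ports, URLs carrying credentials, a hostname with even one internal answer, and a response whose bytes are not an image. The decision is made on the resolved addresses rather than on the URL string, and the fetch is pinned to the address that was checked; both matter, because string filters and re-resolution are exactly what SSRF bypasses target.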
using a link whose root domain is chess.com
I switched to my alt account, navigated to my main account's profile and then checked my alt's friend list - it had successfully added my main account.
Damn, brackets are filtered... this means that I wouldn't be able to call any functions with any parameters.
Even worse, practically every useful symbol is filtered: quotes, ^, &, [, ], $ and %.
Rich text editors are a gold mine for achieving XSS because they accept a range of HTML elements for richer formatting.
Instead of accepting input and treating it purely as text, the editor has to take raw HTML and embed it directly in the page.
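An allowlist sanitizer is the usual answer to the raw-HTML problem described above: parse the submitted markup, keep only the tags and attributes the editor actually needs, and re-serialise the rest as text. The code below is an added example written for this page, not Chess.com's editor or filter. The allowed tag and attribute sets are assumed, naive_filter() stands in for the blocklist approach (strip a few dangerous strings and hope), and the payloads used to exercise it are constructed.

```python
import re
from html import escape
from html.parser import HTMLParser

# Allowlist for the rich-text features we actually want (assumed for this example).
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "ul", "ol", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}   # no style, no on* handlers
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"br", "img"}
SAFE_SCHEMES = {"http", "https"}


def naive_filter(html):
    """The blocklist approach: strip <script> blocks and the javascript: scheme.
    Shown only as the weak 'before' case; event-handler attributes pass straight through."""
    html = re.sub(r"<script\b.*?</script>", "", html, flags=re.I | re.S)
    return re.sub(r"javascript:", "", html, flags=re.I)


def safe_url(value):
    """Allow relative URLs and http(s); reject javascript:, data:, vbscript: and friends.
    Browsers ignore tabs/newlines inside a scheme, so drop control characters before looking."""
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    if ":" not in head:
        return True                                   # no scheme: relative URL
    return head.split(":", 1)[0].lower() in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Re-serialise only allowlisted tags/attributes; everything else is dropped or escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skipping = 0            # > 0 while inside <script>/<style>; their text is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skipping += 1
            return
        if self.skipping or tag not in ALLOWED_TAGS:
            return                   # tag dropped; its text content still flows through handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue             # covers onerror, onload, style, srcdoc, ...
            value = value or ""
            if name in URL_ATTRS and not safe_url(value):
                continue             # javascript: and similar URLs are removed, not rewritten
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))   # text stays text, never markup

    def handle_comment(self, data):
        pass                         # comments are dropped entirely


def sanitize(html):
    """Parse untrusted rich-text HTML and return a version containing only allowlisted markup."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    payload = '<img src=x onerror=alert(1)><a href="javascript:alert(2)">hi</a>'
    print(naive_filter(payload))   # the onerror handler survives the blocklist
    print(sanitize(payload))       # <img src="x"><a>hi</a>
```

The contrast is the point: naive_filter() leaves `<img src=x onerror=alert(1)>` untouched because it never looked at attributes, whereas sanitize() keeps the image and discards the handler, strips `javascript:` hrefs (including ones padded with tabs or written as character references, since the parser decodes those before the check runs), and re-escapes any text so it cannot become markup. In production, use a maintained sanitizer such as DOMPurify in the browser rather than hand-rolling one; the structure above is what such libraries do underneath.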