Upgrade to Pro — share decks privately, control downloads, hide ads and more …

TweetDeck XSS 20140611

Avatar for Yusei Yamanaka Yusei Yamanaka
June 12, 2014
Technology
320
4

TweetDeck XSS 20140611

TweetDeck XSS 20140611

Avatar for Yusei Yamanaka

Yusei Yamanaka

June 12, 2014

More Decks by Yusei Yamanaka

See All by Yusei Yamanaka
生配信管理システムのバックエンド〜AWS AppSyncで迅速に構築するGraphQLサービス〜 / Backend of live streaming management system - GraphQL service to build quickly with AWS AppSync
Avatar for Yusei Yamanaka miyukki
0
1.4k
"新しい未来のテレビ"を目指すABEMA配信システムの再設計 / Re-architecture of ABEMA live ingest system
Avatar for Yusei Yamanaka miyukki
0
2.6k
3周年に突入するAbemaTVの挑戦と苦悩 / The challenge and anguish of AbemaTV celebrating the third anniversary
Avatar for Yusei Yamanaka miyukki
8
5.3k
AbemaTVのアーキテクチャの変遷 / The history of AbemaTV's architecture
Avatar for Yusei Yamanaka miyukki
3
1.5k
機材管理ツールをFirebaseで構築しようとした話 / Building equipment management software with Firebase
Avatar for Yusei Yamanaka miyukki
7
4.7k
AbemaTVで働くエンジニアの裏側 / The engineer working at AbemaTV
Avatar for Yusei Yamanaka miyukki
0
930
動画配信サービスとしてこの先生きのこるには / The way to continue as a video streaming service
Avatar for Yusei Yamanaka miyukki
8
4k
MPEG-DASHによるリニア型配信 / Linear broadcasting by MPEG-DASH on AbemaTV
Avatar for Yusei Yamanaka miyukki
6
14k
1周年を迎えたAbemaTVの動画配信の裏側 / The background of video distribution in AbemaTV during one year
Avatar for Yusei Yamanaka miyukki
15
13k

Other Decks in Technology

See All in Technology
脱SaaS!FDEを支えるプロビジョニングと分離設計
Avatar for Kenichi SUZUKI knih
0
240
マルチアカウント環境での コーディングエージェントを使った障害調査が大変なので AIエージェントにReadOnly権限を付与してみた / ReadOnly AI Agents for Multi-Account AWS Incident Response
Avatar for Takashi Yamaguchi yamaguchitk333
2
110
ロボティクスの技術 / Robotics Technology
Avatar for Kenji Saito ks91
PRO
0
110
SteampipeとExcel Power QueryでAWS構成定義書の作成を自動化する
Avatar for jhashimoto jhashimoto
0
160
GitHub Copilot 最新アップデート – 「一歩先」の実践活用術
Avatar for zhang.william moulongzhang
5
1.5k
コミュニティの有益性 ~JAWS Days 2026 での体験を通して~ / The Benefits of a Community ~Through My Experience at JAWS Days 2026~
Avatar for shiro seike seike460
PRO
0
190
Flow 不死:AI 時代 DevOps 的不變本質
Avatar for Cheng-Wei Chen cheng_wei_chen
2
350
PostgreSQL 19 新機能概要 OSC Hokkaido 2026
Avatar for Noriyoshi Shinoda nori_shinoda
0
170
200個のGitHubリポジトリを横断調査したかった
Avatar for Issei.Komori icck
0
140
10年間のブログ発信を振り返って見えたWebアプリケーションエンジニアとしての軌跡
Avatar for すてにゃん stefafafan
0
170
Oracle AI Database@Google Cloud:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.6k
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
2k

Featured

See All Featured
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
150
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
34k
Abbi's Birthday
Avatar for Violet Bock coloredviolet
2
8.1k
Reality Check: Gamification 10 Years Later
Avatar for Sebastian Deterding codingconduct
0
2.2k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
163
24k
Building a A Zero-Code AI SEO Workflow
Avatar for Ian Lurie portentint
PRO
0
600
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.9k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
200
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
220
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
420
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
My Coaching Mixtape
Avatar for mlcsv mlcsv
0
150

Transcript

  1. じコしょ-かい なまえ ミユっき せきゅリティ いろイロ びっぐで-た

  2. None

  3. ࡢ໷ʜ

  4. None
  5. None

  6. ʊਓਓਓʊ ʼ944ʻ ʉ:?:?:ʉ

  7. None

  8. var text = “<script>alert(1);</script>http://applest.net/”;

  9. transform(text, entities) var text = “<script>alert(1)</script>http://applest.net/”; updateEntities(text, entites) (FUJOGPSNBUJPONFEJB MJOL

    NFOUJPOT IBTIUBHTJOUXFFU linkify() -JOLJGZBOElFTDBQFzGPSUXFFU emojify() &NPKJGZGPSUXFFU return Object {media: Array[0], urls: Array[1], hashtags: Array[0], user_mentions: Array[0], cashtags: Array[0]} "&lt;script&gt;alert(1)&lt;/script&gt;<a href="http://applest.net/" target="_blank" class="url-ext" rel="url" >http://applest.net/</a>" "&lt;script&gt;alert(1)&lt;/script&gt;<a href="http://applest.net/" target="_blank" class="url-ext" rel="url" >http://applest.net/</a>"

  10. transform(text, entities) var text = “—”; updateEntities(text, entites) (FUJOGPSNBUJPONFEJB MJOL

    NFOUJPOT IBTIUBHTJOUXFFU linkify() -JOLJGZBOElFTDBQFzGPSUXFFU emojify() &NPKJGZGPSUXFFU return Object {media: Array[0], urls: Array[0], hashtags: Array[0], user_mentions: Array[0], cashtags: Array[0]} “—” "<img class="emoji inline-block” draggable="false" alt=“—"src="/web/assets/emoji//2665.png">"

  11. transform(text, entities) var text = “<script>alert(1)</script>—”; updateEntities(text, entites) (FUJOGPSNBUJPONFEJB MJOL

    NFOUJPOT IBTIUBHTJOUXFFU linkify() -JOLJGZBOElFTDBQFzGPSUXFFU emojify() &NPKJGZGPSUXFFU return Object {media: Array[0], urls: Array[0], hashtags: Array[0], user_mentions: Array[0], cashtags: Array[0]} “&lt;script&gt;alert(1)&lt;/script&gt;—” "<script>alert(1)</script><img class="emoji inline-block” draggable="false" alt="—" src="/web/assets/emoji//2665.png">"

  12. 1SPCMFNT

  13. %&.0

  14. :FTUFSEBZ 5PEBZ

  15. None
  16. None

  17. ΋ͬͱηΩϡΞʹ͢ΔͨΊʹʜ ΤεέʔϓΛҙࣝ͠ͳ͍ Ϣʔβʔ͔Βͷ஋Λ৴༻͠ͳ͍ Τεέʔϓ͕ඞཁ͔Λߟ͑Δ