pistolero /
npub1ch8…sw60
2023-05-26 20:49:38
in reply to nevent1q…nuwt

bajax (npub16rw…d9ze) Wrath (npub1q2j…crzn) DK (npub1rkc…fnl9) anime graf mays 🛰️🪐 (npub108z…dkr5)

> This shit's got script-kiddie written all over it.

Does look like someone that understands CSP/XSS wrote it from scratch.

> this vulnerability was a HUGE oversight that should have been obvious to anyone with half a brain years ago

...I wouldn't know anything about constantly screeching about that until it became obvious no one was gonna listen. I wouldn't know a damn thing about the PoC I did for this. Wonder how these places handle JS referenced from SVGs.

> I suspect they even knew this when they were implementing media proxy this way from the beginning, but resolved to fix it later-- and then never did.

Media proxy has been a mistake this entire time. Who guessed?
Author Public Key
npub1ch8nj9yu4676fnwkzacu28mt4y002ezeryqyuhzfnzjw560sq5fqaysw60