Upgrade to Pro — share decks privately, control downloads, hide ads and more …

TweetDeck XSS 20140611

Avatar for Yusei Yamanaka Yusei Yamanaka
June 12, 2014
Technology
4
290

TweetDeck XSS 20140611

TweetDeck XSS 20140611
Avatar for Yusei Yamanaka

Yusei Yamanaka

June 12, 2014
Tweet

More Decks by Yusei Yamanaka

See All by Yusei Yamanaka
生配信管理システムのバックエンド〜AWS AppSyncで迅速に構築するGraphQLサービス〜 / Backend of live streaming management system - GraphQL service to build quickly with AWS AppSync
Avatar for Yusei Yamanaka miyukki
0
1.2k
"新しい未来のテレビ"を目指すABEMA配信システムの再設計 / Re-architecture of ABEMA live ingest system
Avatar for Yusei Yamanaka miyukki
0
2.4k
3周年に突入するAbemaTVの挑戦と苦悩 / The challenge and anguish of AbemaTV celebrating the third anniversary
Avatar for Yusei Yamanaka miyukki
8
4.9k
AbemaTVのアーキテクチャの変遷 / The history of AbemaTV's architecture
Avatar for Yusei Yamanaka miyukki
3
1.5k
機材管理ツールをFirebaseで構築しようとした話 / Building equipment management software with Firebase
Avatar for Yusei Yamanaka miyukki
7
4.4k
AbemaTVで働くエンジニアの裏側 / The engineer working at AbemaTV
Avatar for Yusei Yamanaka miyukki
0
860
動画配信サービスとしてこの先生きのこるには / The way to continue as a video streaming service
Avatar for Yusei Yamanaka miyukki
8
3.9k
MPEG-DASHによるリニア型配信 / Linear broadcasting by MPEG-DASH on AbemaTV
Avatar for Yusei Yamanaka miyukki
6
13k
1周年を迎えたAbemaTVの動画配信の裏側 / The background of video distribution in AbemaTV during one year
Avatar for Yusei Yamanaka miyukki
15
13k

Other Decks in Technology

See All in Technology
Опыт использования Nessie в Азбуке Вкуса
Avatar for Elena Meremyanina emeremyanina1234
0
420
Coding Agentに値札を付けろ
Avatar for watany watany
3
590
RubyKaigi NOC 近況 2025
Avatar for Sorah Fukumori sorah
3
1.2k
Software Architecture in an AI-Driven World
Avatar for AGAWA Koji atty303
61
25k
LLMベースAIの基本 / basics of LLM based AI
Avatar for Naoki Kishida kishida
4
700
4月15日の AZ 障害をテクサポの中の人目線で振り返ってみる
Avatar for kazzpapa3 kazzpapa3
3
190
インフラからSREへ
Avatar for Issei Naruta mirakui
20
7.8k
【Gen-AX】20250514開催_Findyオンラインイベント_技術選定を突き詰める
Avatar for Gen-AX株式会社 genax
0
120
Software Delivery Observability CI・CD , DORA metrics も Datadog で可視化しよう / datadog-ci-cd-observability
Avatar for Annosuke Yokoo parupappa2929
0
170
10年もののアプリケーションを運用・開発するアプリケーションエンジニアのDatadog活用術
Avatar for miyamu miyamu
0
130
Google Cloud Next 2025 Recap アプリケーション開発を加速する機能アップデート / Application development-related features of Google Cloud
Avatar for turbofish ryokotmng
0
410
ゆるくはじめるSLI・SLO
Avatar for Mirai Yato (yato) yatoum
1
120

Featured

See All Featured
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
133
9.3k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
23
1.6k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
368
19k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
45
7.2k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
Building Adaptive Systems
Avatar for Chris Keathley keathley
41
2.5k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
41
2.3k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
42
7.5k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k
Navigating Team Friction
Avatar for Lara Hogan lara
185
15k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k

Transcript

  1. じコしょ-かい なまえ ミユっき せきゅリティ いろイロ びっぐで-た

  2. None

  3. ࡢ໷ʜ

  4. None
  5. None

  6. ʊਓਓਓʊ ʼ944ʻ ʉ:?:?:ʉ

  7. None

  8. var text = “<script>alert(1);</script>http://applest.net/”;

  9. transform(text, entities) var text = “<script>alert(1)</script>http://applest.net/”; updateEntities(text, entites) (FUJOGPSNBUJPONFEJB MJOL

    NFOUJPOT IBTIUBHTJOUXFFU linkify() -JOLJGZBOElFTDBQFzGPSUXFFU emojify() &NPKJGZGPSUXFFU return Object {media: Array[0], urls: Array[1], hashtags: Array[0], user_mentions: Array[0], cashtags: Array[0]} "&lt;script&gt;alert(1)&lt;/script&gt;<a href="http://applest.net/" target="_blank" class="url-ext" rel="url" >http://applest.net/</a>" "&lt;script&gt;alert(1)&lt;/script&gt;<a href="http://applest.net/" target="_blank" class="url-ext" rel="url" >http://applest.net/</a>"

  10. transform(text, entities) var text = “—”; updateEntities(text, entites) (FUJOGPSNBUJPONFEJB MJOL

    NFOUJPOT IBTIUBHTJOUXFFU linkify() -JOLJGZBOElFTDBQFzGPSUXFFU emojify() &NPKJGZGPSUXFFU return Object {media: Array[0], urls: Array[0], hashtags: Array[0], user_mentions: Array[0], cashtags: Array[0]} “—” "<img class="emoji inline-block” draggable="false" alt=“—"src="/web/assets/emoji//2665.png">"

  11. transform(text, entities) var text = “<script>alert(1)</script>—”; updateEntities(text, entites) (FUJOGPSNBUJPONFEJB MJOL

    NFOUJPOT IBTIUBHTJOUXFFU linkify() -JOLJGZBOElFTDBQFzGPSUXFFU emojify() &NPKJGZGPSUXFFU return Object {media: Array[0], urls: Array[0], hashtags: Array[0], user_mentions: Array[0], cashtags: Array[0]} “&lt;script&gt;alert(1)&lt;/script&gt;—” "<script>alert(1)</script><img class="emoji inline-block” draggable="false" alt="—" src="/web/assets/emoji//2665.png">"

  12. 1SPCMFNT

  13. %&.0

  14. :FTUFSEBZ 5PEBZ

  15. None
  16. None

  17. ΋ͬͱηΩϡΞʹ͢ΔͨΊʹʜ ΤεέʔϓΛҙࣝ͠ͳ͍ Ϣʔβʔ͔Βͷ஋Λ৴༻͠ͳ͍ Τεέʔϓ͕ඞཁ͔Λߟ͑Δ