Trim, I love your service, but please sanitize your inputs!!

I was replying to a friend on Twitter using trim, and I had a <script> tag in the post.  I realized when I submitted that the tag made everything after it in my tweet dissapear. If you want to see the actual tweets, you can find them in my twitter feed here: Matt Bernier’s Twitter Feed

First thougt was, “No Way!”.  Second thought was, “What Else Can I do?”.

So, I tried basic HTML with this tweet:

  1. <h2>Testing whether HTML breaks</h2> B/c my
  2. <script> tag did earlier</script>
  3. <span style="color:blue;"> ScreenShot coming</script>

This got me this result:

Just HTML in the Tweet

Just HTML in the Tweet

Then I tried an alert:

  1. <script type="text/javascript">
  2. alert('does this work?');
  3. </script>

That got me this result:

Javascript Alert in a tweet

Javascript Alert in a tweet

Then lastly, I tried a little more JS, pay attention though. To make it fit, I used a URL!!

  1. <script type="text/javascript">
  3. alert('check the images')
  4. </script>

Which got me this result:

Replaced's images with Google's!

Replaced's images with Google's!

I have submitted this information to I did very mundane, topical things to the page I was looking at, and did not even attempt anything more dangerous. My hope is that you will see the humor in this, urge to fix this issue and to continue the amazing job that they do.

UPDATE: The developers are quick to read their emails, respond, and fix issues. It took all of twenty minutes from when I sent the email to them, for a response saying that this issue was fixed.

Please consider donating Dogecoin if you like my content.


Related Posts Plugin for WordPress, Blogger...

This entry was posted in Coding and tagged , , , , , , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.