How The Self-Retweeting Tweet Worked: Cross-Site Scripting (XSS) and Twitter

http://tomscott.com - Twitter: tomscott - It should never have happened. Defending against cross-site scripting (XSS) attacks is Web Security 101. And yet, today, there was a self-retweeting tweet that hit a heck of a lot of people - anyone using Tweetdeck, Twitter's "professional" client. How did it work? Time to break down the code. (Remember the old Myspace worms? They worked the same way.)

THE SELF-RETWEETING TWEET: Twitter: 476764918763749376

• #education
• #tomscott
• #tom_scott
• #hypertext_transfer_protocol_internet_protocol
• #cross_site_scripting_ranked_item
• #twitter_website
• #xss
• #worms
• #hack