Y
Hacker News
new
|
ask
|
show
|
jobs
by
sys42590
998 days ago
If you can sneak a <blink> tag into the ticket system, you likely can sneak a in <script> or <iframe> tag as well... I'm sure input sanitization was already a thing preached back then but ignored by many web developers...
1 comments
ggambetta
998 days ago
My interpretation is that the frontend added the <blink> tag when rendering a critical-priority ticket, no injection needed.
link
db48x
997 days ago
No, it was 20 years ago. A lot of projects were really blaseĢ about html injection back then.
link