Hacker News new | ask | show | jobs
by Thaxll 4292 days ago
It has nothing to to do with TXT record, it's just the website that render html. It could be any source.
2 comments
jonknee 4292 days ago
It has everything to do with the TXT record... Every XSS could be summed up with "just the website that renders HTML", but that's pretty much the point. TXT records aren't often thought of as input and as you can see several sites made that mistake of assumption.
link
jxf 4292 days ago
It's related because it's not conventionally thought of as user input that needs to be sanitized (but, of course, it should be).
link