Unsafe Twitter-like website to show XSS attacks
Inspired by the TweetDeck XSS tweet
<script>$('a')[0].click();</script>Attack
- Raw input (XSS):
<p class="m-0">{{{ this.Text }}}</p>
- Escaped:
<p class="m-0">{{ this.Text }}</p>
- Escape input tweet text:
let tweet = escape(req.body.tweet);
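Added example (not part of this project's code): the two template forms above, applied to the sample tweet, with the escaped form modelled on the character set Handlebars encodes for `{{ }}`. It also prints what JavaScript's built-in `escape()` returns, since that function percent-encodes rather than HTML-encodes and the page does not show where its `escape` comes from. The names `escapeHtml`, `renderRaw`, `renderEscaped` and `hasLiveScript` are hypothetical.

```javascript
// Added example: entity map modelled on what Handlebars encodes for {{ }}.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

// Hypothetical helper: HTML-entity-encode untrusted text for an element body.
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`=]/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical stand-in for <p class="m-0">{{{ this.Text }}}</p> (no encoding).
function renderRaw(text) {
  return `<p class="m-0">${text}</p>`;
}

// Hypothetical stand-in for <p class="m-0">{{ this.Text }}</p> (encoded).
function renderEscaped(text) {
  return `<p class="m-0">${escapeHtml(text)}</p>`;
}

// Review check: does the rendered markup still contain a parseable <script> tag?
function hasLiveScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the tweet text shown on this page.
const tweet = "<script>$('a')[0].click();</script>Attack";

console.log('raw     :', renderRaw(tweet), '| live script:', hasLiveScript(renderRaw(tweet)));
console.log('escaped :', renderEscaped(tweet), '| live script:', hasLiveScript(renderEscaped(tweet)));

// The built-in global escape() is a legacy percent-encoder, not an HTML escaper:
// the stored text becomes %3Cscript%3E... and displays garbled instead of as typed.
console.log('escape():', escape(tweet));
```

Encoding at output time in the template keeps the stored tweet intact and applies the protection wherever the text is rendered.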