alf.nu / @steike

Safari Reader Tweet V3

This uses DOM clobbering. By using <form name=theForm onmouseover=...><input name=attributes></form>, theForm.attributes will refer to the input field named 'attributes' as opposed to theForm's actual set of attributes, making the sanitizer miss the onmouseover attribute.

This is more text to trigger Reader eligibility. More text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text.

This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text. This is more text, more text.

Complaints to @steike or @steike.