Birdwatch Note Rating
2023-12-12 06:37:03 UTC - SOMEWHAT_HELPFUL
Rated by Participant: 7C997485C660734708D27ADE799301080AAEB92BB7F8322847A5F7D831C375CB
Participant Details
Original Note:
According to OWASP, HTML Injection can allow arbitrary JavaScript code execution via event handlers. However, this rests on the assumption that CS2 both embeds a JS interpreter and that it has access to dangerous functions and/or private user data. More research is required. https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
All Note Details