Birdwatch Note Rating
2023-12-12 12:41:44 UTC - HELPFUL
Rated by Participant: 7D21620F557F5775C3D5CF08B33A55CC81AC06D6CD8F3BB9BE1875B8F8AF7842
Participant Details
Original Note:
According to OWASP, HTML Injection can allow arbitrary JavaScript code execution via event handlers. However, this rests on the assumption that CS2 both embeds a JS interpreter and that it has access to dangerous functions and/or private user data. More research is required. https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
All Note Details