Birdwatch Note Rating
2023-12-11 18:33:32 UTC - HELPFUL
Rated by Participant: C370A03B46171DD8D642DD532CD9117DD1ACCDA193E3F11A1D47985D1818B166
Participant Details
Original Note:
According to OWASP, HTML Injection can allow arbitrary JavaScript code execution via event handlers. However, this rests on the assumption that CS2 both embeds a JS interpreter and that it has access to dangerous functions and/or private user data. More research is required. https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
All Note Details