How Yesterday's Huge TweetDeck Vulnerability Happened

If you use TweetDeck in any capacity, you're probably aware of a nasty little bug that was running rampant around TweetDeck's hallowed columns yesterday afternoon. But what, exactly, was causing all the retweeted trouble? Computerphile's Tom Scott breaks it down.

It all has to do with cross-site scripting, a vulnerability that allows hackers to inject client-side script into web pages viewed by other users. Normally, sites employ a filter to stop any user-written script from affecting a web page, but there was one little bitty part of that now notorious tweet that was able to plow through TweetDeck's defenses: the emoji heart.


TweetDeck just started supporting emoji a few days ago, and apparently, it still hadn't quite worked out all the kinks. If the heart hadn't been there, TweetDeck would have processed the tweet safely and none of this would have ever happened. Let's just be grateful that "andy" didn't take the opportunity to do some real damage.
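An added example, not TweetDeck's code and not from the original article: a minimal JavaScript sketch of the failure class described above, where a renderer escapes plain tweets but a separate emoji branch builds HTML from the raw text. The function names, the `/emoji/` image path and the sample input are assumptions made for illustration; the article does not describe TweetDeck's actual implementation.

```javascript
// Added illustration; hypothetical names throughout, not TweetDeck's code.
const HEART = "\u2665"; // the emoji heart the article mentions

// Encode the characters that let text be parsed as markup.
function escapeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Markup generated by the renderer itself (assumed image path).
function emojiToImg(ch) {
  const code = ch.codePointAt(0).toString(16);
  return `<img class="emoji" alt="${ch}" src="/emoji/${code}.png">`;
}

// Flawed pattern (assumed): tweets without emoji are escaped, but the
// emoji branch has to emit HTML for the <img>, so it works on the raw
// text and never escapes the rest of the tweet.
function renderTweetFlawed(text) {
  if (!text.includes(HEART)) {
    return escapeHtml(text);
  }
  return text.split(HEART).join(emojiToImg(HEART));
}

// Hardened: every user-supplied segment is escaped; only the <img>
// produced by emojiToImg is inserted as markup.
function renderTweetHardened(text) {
  return text.split(HEART).map(escapeHtml).join(emojiToImg(HEART));
}

// Constructed sample input: inert markup, with and without the heart.
const plainTweet = "<script>/* constructed sample */</script>";
const heartTweet = plainTweet + " " + HEART;

console.log(renderTweetFlawed(plainTweet));   // escaped: shown as text
console.log(renderTweetFlawed(heartTweet));   // markup survives unescaped
console.log(renderTweetHardened(heartTweet)); // escaped, emoji still rendered
```

In a browser, setting the tweet text through `textContent` and creating the emoji image with DOM APIs avoids string-built HTML altogether.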
