From c33d0759992588163a1e44df8f21ddcb536e231e Mon Sep 17 00:00:00 2001
From: Tait Hoyem
Date: Sat, 25 Apr 2020 13:06:09 +0000
Subject: [PATCH] Update _site static files
---
_site/2020/04/25/xss.html | 3 ++-
_site/feed.xml | 5 +++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/_site/2020/04/25/xss.html b/_site/2020/04/25/xss.html
index 405c1d0..ee9f2ab 100644
--- a/_site/2020/04/25/xss.html
+++ b/_site/2020/04/25/xss.html
@@ -98,7 +98,8 @@ Internally this would be something like <
but they would show up to a user as <.
When inputs are not properly sanitized and the input is shown to the user in another part of the website,
-then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.
+then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.
+For example: a name for a quiz website (input) and the leaderboard for said quiz (display).
HTML, by itself is not very dangerous.
The worst thing you could do is probably put a link on your name,
diff --git a/_site/feed.xml b/_site/feed.xml
index 7dd7111..3ce28c2 100644
--- a/_site/feed.xml
+++ b/_site/feed.xml
@@ -1,4 +1,4 @@
-Jekyll2020-04-25T12:49:41+00:00http://localhost:4000/feed.xmlWhat is XSS?2020-04-25T00:00:00+00:002020-04-25T00:00:00+00:00http://localhost:4000/2020/04/25/xss<p>I found a cross-site scripting (XSS) attack
+Jekyll2020-04-25T13:05:38+00:00http://localhost:4000/feed.xmlWhat is XSS?2020-04-25T00:00:00+00:002020-04-25T00:00:00+00:00http://localhost:4000/2020/04/25/xss<p>I found a cross-site scripting (XSS) attack
in a well-known quiz hosting website.
I disclosed the vulnerability to them years ago, so I thought
now might be a good time to write about it.</p>
@@ -66,7 +66,8 @@ Internally this would be something like <code class="highlighter-rouge&q
but they would show up to a user as <code class="highlighter-rouge"><</code>.</p>
<p>When inputs are not properly sanitized <em>and</em> the input is shown to the user in another part of the website,
-then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.</p>
+then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.
+For example: a name for a quiz website (input) and the leaderboard for said quiz (display).</p>
<p>HTML, by itself is not very dangerous.
The worst thing you could do is probably put a link on your name,