Risk of reflected cross-site scripting and Content-Security-Policy bypass in the WebSub intent verification
Published:
I was reading the WebSub specification (formerly PubSubHubbub) when I found that there was a risk of reflected browser-side code injection (reflected cross-site scripting, reflected XSS) in the WebSub intent verification exchange.