This is why you sanitize user input: Chat hacked live by XSS/HTML code injection, hilarity ensues

Share this video on

What's Hot

What's New

Top Grossing

Top of the Chart

Recommend

Vixus : Vixus / Hexxyr was here Hello Twitch and Youtube people! Give TASbot a highfive for me, beep boop. ~

Kira Slith : I'm surprised nobody tried framing your window inside itself.

Mr Fathead : You are lucky you have cool followers because it looks like they could have easily got you banned from twitch.

Zupprezed : such kind hearts in your chat, none of them put porn on them scripts

Nincadalop : *Gets hacked *Chuckles I'm in danger

Andrew Seich : I love his response. "You guys just hacked my chat and broke the hell out of it..... DO IT AGAIN!"

jackjt8 : Sometimes the YouTube recommendations actually give me something truly wonderful. This was one of them.

SirNapkin1334 : I like how there are these people who don't know JS, they're just copying the

Kaera Neko : This is hilarious. Nerds are dangerous.

Overworld Alt : THE BEST HACK TO EVER EXIST. And more importantly the kids didn't see it so thats a plus

eihcrA spillihP : * {font-family: comic-sans;}

Richard Brenner : I think it's awesome that you actually had fun, and didn't try to control the madness.

Vincent Killion : I'm very disappointed that I missed the XSS in chat. That would have been a very fun thing to experience live. Thanks for uploading to share it with those that missed it. Question though, is it fixed yet?

PurpulPancakes : That is the best chat window I've ever seen.

Timmy Dirtyrat : *a HaCkEr NaMeD 4-cHaN*

boumbh : 0:50 Inverter stated "that can be... abused", and then he demonstrated... 3:36 Just testing... 9:38 This one is genius (again at 11:34) great effect 14:00 This one too. Thanks! That was instructive. I'm amazed there was nothing too evil ^^ . Your chat likes you, good chat ^^ . 3:36 don't mind me? 7:27 what was that? :-p

thefyrewire : That's pretty hilarious. I had a similar 'incident' a few weeks ago when a certain micro500 did the same to my custom chat. Fortunately he was feeling kind and the worst I got was a bunch of marquees and popup alerts lol.

asdf gh : twitch chat plays twitch chat

Esper : "JavaScript is a good language," they said. "Everything's safe," they said. "Nobody's going to somehow take a live chat reader and turn it against the user," they said. If I have to circumvent the way the language works in order to make my code not destroy itself, why do I use it? No, seriously: why are XSS/HTML/SQL still in common use with the most amazingly-simple injection error in computing history?