Brian Mastenbrook: How I cross-site scripted Twitter in 15 minutes, and why you shouldn't store important data on 37signals' applicationsToday the Ruby on Rails security team released a patch for a cross-site scripting issue which affected multiple high-profile applications, including Twitter and Basecamp. If you're concerned about the issue and would like to see the patch, please read the advisory from the Rails security team. In this post, I discuss the overall process of finding the issue, and the reason why I'd suggest that no
