Some webmasters include HTML in their sites' metadata:
https://darknetdiaries.com/transcript/21/
<meta property="og:description" content="Ira Winkler's specialty is assembling elite teams of special forces and intelligence officers to go after companies. Ira shares a story about a time he and his team broke into a global 5 company. A company so large that theft of intellictual property could result in billions of dollars of damage. <br><br>Ira's consulting company: <a href='http://www.securementem.com/'>Secure Mentum</a>.<br><br>His books: <a href='https://www.amazon.com/gp/product/0764584685/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0764584685&linkCode=as2&tag=tunn01-20&linkId=8f8a26b3c5fe68e6c8913ceea8adb0f5'>Spies Among Us</a>, <a href='https://www.amazon.com/gp/product/0128093161/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0128093161&linkCode=as2&tag=tunn01-20&linkId=ac08090c6d15b5ad2c77789fbcf50d56'>Advanced Persistent Security</a>, <a href='https://www.amazon.com/gp/product/0895263904/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0895263904&linkCode=as2&tag=tunn01-20&linkId=63e40c57a8bf8f04f077f55d6ed21455'>Through the Eyes of the Enemy</a>. ">
In the payload_data
that ends up looking like this escaped html code:
If we got the whole string that would be fine, but iMessage truncates this data, so we end up getting some unclosed tags.
Rendering inside of <pre><code>…</code></pre>
ends up rendering all of the escaped HTML, so I used an xmp
tag in lieu of a code
tag here to render the text properly. Since xmp
is deprecated, we should do something else here. Ideally we can avoid using Javascript, as we want these pages to be printable to a PDF, and Javascript opens the door to non-printable features.
html enhancement