###Summary Via html injection its possible to override all document functions, causing the application to crash because its using the element as a function. ###Brief explanation of how its possible override document functions with html injection: In some html elements, the name attribute becomes a property on the document object, so if ```

``` is inserted on the DOM, its created a reference for this element: ```document.xyz```. For some reason, if the name is the name of a function that already exists on the document object, its get overrided, so if ```

``` its inserted on the page, ```document.write````becomes the reference of the html element. ###PoC Required tools: 1. BurpSuite Repro Steps: Click on the ```Create Post``` feature {F1154882} Add any title and any content Select the content and click on the create link feature {F1154880} Add any link: {F1154891} Click on ```Ok``` and intecept the request on burpsuite Replace the ```link``` property to the following one(as screenshot shows): ``` https://xyz.com\">

``` {F1154883} Share the post on any channel: {F1154884} After that the application crash when you access the channel ou direct message: {F1154881} Its also pretty hard to navigate to another channel, so in many cases the slack application its all crashed(ex: when the user opened the message details and then the attacker change the content to the above payload) The only way to stop the channel from crashing its deleting on editing the post. ###Observations The desktop application its also affected On the mobile application its possible to inject iframes so a phishing attack its also possible using this payload ```https://xyz.com\">

Slack: Denial of Service via Hyperlinks in Posts