X (Formerly Twitter): XSS platform.twitter.com

Since you have fixed a few problems with the FlashTransport on platform.twitter.com already, I though I would also take a look at the JavaScript around it. Problem URL: https://platform.twitter.com/widgets/hub.html Description: The mentioned page opens URLs send to it via postMessage or...