pull down to refresh
https://example.com/index.php?filter[category%3Cscript%3Ealert%28%27Ha]=value&filter[cked%27%29%3C%2Fscript%3E]=val
you can also break it up into multiple categories and url encode because $_GET handles that. this would look normal to the user in the ui rendering as You're currently filtering by "category"
I still dont know what they wouldn't see
Yeah that 'oversee' part threw me off but it's the first thing you see ^^
https://example.com/index.php?filter[category%3Cscript%3Ealert%28%27Ha]=value&filter[cked%27%29%3C%2Fscript%3E]=val
you can also break it up into multiple categories and url encode because $_GET handles that. this would look normal to the user in the ui rendering as You're currently filtering by "category"
I still dont know what they wouldn't see