DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE.

Step to reproduce:

  1. copy content of
  2. Open in Mozilla, Create a new note, give title and paste the copied content in body of note and publish the note.
  3. Visit created note on facebook’s android app, App will goes in infinity loop and user have to close app.

Proof of concept:

Status of Vulnerability: Fixed with comment (fb consider DoS attacks in scope as long as they are persistent. (e.g. would require a user to uninstall an app or break a complete functionality)).