research.securitum.com
In this blogpost I’ll explain my recent bypass in DOMPurify – the popular HTML sanitizer library. In a nutshell, DOMPurify’s job is to take an untrusted HTML snippet, supposedly coming from an end-user, and remove all elements and attributes that can lead to Cross-Site Scripting (XSS). This is the bypass:
research.securitum.com securitum.com vulnerabilities researches and cyber security education publications This post is a write-up of an already-fixed XSS in AMP4Email that I reported via the Google Vulnerability Reward Program in August 2019. The XSS is an example of real-world exploitation of a well-known browser issue called DOM Clobbering. What is AMP4Email AMP4Email (also known as dynamic mail) is a ne
JWT (JSON Web Token) is a mechanism that is often used in REST APIs; it can be found in popular standards such as OpenID Connect, but we will also sometimes encounter it when using OAuth2. It is used both in large companies and in smaller organisations. There are many libraries available that support
Yesterday, a new version of DOMPurify (a very popular XSS sanitization library) was released that fixed a bypass reported by us. In this post I'll show exactly what the bypass looked like, preceded by general information about DOMPurify and how it works. If you are aware of how purifiers work and