miniblog.

← Back to all posts
Nov 21, 2015 at 00:51
alert(1) to win: https://escape.alf.nu/ neat XSS/escaping game
alert(1) to win

Related Posts

Jul 15, 2016 at 22:54
Facebook's warning against socially-engineered XSS is neat. It's a shame it's necessary though.
Photo
X / ?
Nov 6, 2015 at 18:26
In the DOM, no one will hear you scream https://www.slideshare.net/x00mario/in-the-dom-no-one-will-hear-you-scream (argues that perfect server-side XSS protection is impossible!)
In the DOM, no one will hear you scream
In the DOM, no one will hear you scream
The document discusses the history and development of the Document Object Model (DOM) from its early implementations in 1995 to modern standards. It outlines key milestones like DOM Level 1 in 1998, the rise of JavaScript frameworks like Prototype, jQuery and MooTools in 2005-2006, and ongoing work by the W3C and WHATWG. The talk will explore security issues that can arise from the DOM's ability to convert strings to executable code and demonstrate an attack technique called DOM clobbering. - Download as a PDF, PPTX or view online for free
Jan 15, 2014 at 14:22
I'm favouring bower over CDNs these days. No risk of XSS.