Slides: https://tinyurl.com/tttpac Trusted Types - W3C ...
Trusted Types - W3C TPAC
Krzysztof Kotowicz, Google koto@
Slides:
DOM XSS
DOM XSS is a growing, prevalent problem
source sink location.hash bar.innerHTML At Google, DOM XSS is already the most common XSS variant Reasons: Growing complexity of client-side code Easy to introduce, hard to prevent & detect
DOM XSS is easy to introduce
DOM API has ~70 sinks that can result in JavaScript execution innerHTML, HTMLScriptElement.src, eval()
These sinks are extremely common in applications DOM API "insecure by default"
(input) => document.querySelector(`log').innerHTML = input
DOM XSS is hard to detect
Sources far away from sinks, complex data flows (e.g. server roundtrip) Static checks don't work reliably:
foo.innerHTML = bar // what is bar? foo[(_ => "innerHTML")()] = bar foo[k] = v
Manual review is infeasible Dynamic (taint-tracking, fuzzing) has a small code coverage
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- security assessment and fuzzer improvement for libtorrent
- secure design a better bug repellent
- real estate hospitality
- cheat sheet series
- claudio criscione security hyperscale
- usage python options
- c Ø choohan
- slides https tttpac trusted types w3c
- through software design preventing security bugs
- von sicherheitsdefekten ansätze zur verhinderung robuste
Related searches
- https m youtube com watch v yxttclwl3ek
- https music youtube com watch v zeys8a45ysq feature share
- https youtube com playlist list pl0cw0oxd8eewvtymcjfqup1p nxfuozar
- https youtube com playlist list pl9eafwrrill4vbumqnyfuuqbut89sdy1d
- https learning k12 com d2l le 1630000 discussions topics 3221054 view
- https m youtube com watch v 1kk2zredki
- https m youtube com watch v tgj18maegfk
- https soundcloud com user 725347153 01 let me see you utm source mobi utm camp
- https m youtube com watch v wdtyikbpaxo
- https m youtube com watch v yjo fj3l2oi
- https m youtube com watch v dso5odfdkjk
- https m youtube com watch v e5kcxejm31m