Generic HTML Sanitizer Bypass Investigation
I stumbled over a weird HTML behavior on Twitter and started to investigate it. Did I just stumble over a generic HTML Sanitizer bypass?
Get my handwritten font https://shop.liveoverflow.com (advertisement)
Checkout our courses on https://hextree.io (advertisement)
The Tweet: / 1662701541680136195
Google XSS: • XSS on Google Search - Sanitizing HTM...
HTML Spec: https://html.spec.whatwg.org/multipag...
Chapters:
00:00 - Intro
01:09 - Sanitizing vs. Encoding
02:32 - Developing HTML Sanitizer Bypass
05:03 - Attacking DOMPurify
07:08 - Attacking Server-side Sanitizer
08:31 - HTML Parse Error Specification
10:08 - Potential Impact
11:55 - hextree.io
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
Watch video Generic HTML Sanitizer Bypass Investigation online without registration, duration hours minute second in high quality. This video was added by user LiveOverflow 03 July 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 141,563 once and liked it 6.6 thousand people.