Breaking XSS mitigations via Script Gadgets
Other
Mitigations assume that blocking dangerous tags & attributes stops XSS. Is this true when building an application with a modern JS framework?
http://sebastian-lekies.de/slides/appsec2017.pdfMitigations assume that blocking dangerous tags & attributes stops XSS. Is this true when building an application with a modern JS framework?
http://sebastian-lekies.de/slides/appsec2017.pdf