はてなブックマーク

title: Exploring the DOMPurify library: Bypasses and Fixes date: Nov 17, 2024 tags: Article Web mXSS Exploring the DOMPurify library: Bypasses and Fixes (1/2) 📜 Introduction 🔍 How does client-side HTML sanitizer works? ❓ Why are mutation XSS (mXSS) possible? ▶️ DOMPurify 3.1.0 bypass (found by @IceFont 👑) Node flattening HTML Parsing states Proof Of Concept ⏩ DOMPurify 3.1.1 bypass DOMPurify 3.