mXSS: The Vulnerability Hiding in Your Code

Linking pages

Linked pages

HTML Sanitizer API - Web APIs | MDN https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API 82 comments
Mutation XSS via namespace confusion - DOMPurify < 2.0.17 bypass - research.securitum.com https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ 81 comments
Code Vulnerabilities Leak Emails in Proton Mail | Sonar https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/ 48 comments
GitHub - inikulin/parse5: HTML parsing/serialization toolset for Node.js. WHATWG HTML Living Standard (aka HTML5)-compliant. https://github.com/inikulin/parse5 9 comments
Remote Code Execution in Tutanota Desktop due to Code Flaw | Sonar https://www.sonarsource.com/blog/remote-code-execution-in-tutanota-desktop-due-to-code-flaw/ 7 comments
GitHub - mganss/HtmlSanitizer: Cleans HTML to avoid XSS attacks https://github.com/mganss/HtmlSanitizer 4 comments
Code Vulnerabilities Put Skiff Emails at Risk | Sonar https://www.sonarsource.com/blog/code-vulnerabilities-put-skiff-emails-at-risk/ 1 comment
GitHub - cure53/DOMPurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: https://github.com/cure53/DOMPurify 0 comments
Write-up of DOMPurify 2.0.0 bypass using mutation XSS - research.securitum.com https://research.securitum.com/dompurify-bypass-using-mxss/ 0 comments
HTML Standard https://html.spec.whatwg.org/multipage/scripting.html#script 0 comments