Boris
just makes me so sad. First Chrome refused to remove the behavior back when Firefox didn't implement it, and removing it was web-compatible. Then we were forced to implement it for compat. Now they want to add complexity to sometimes disable it... :(
https://research.securitum.com/xss-in-amp4email-dom-clobbering/ is a good example of the kinds of attacks enabled by the somewhat unexpected mapping of elements into the global namespace via the na...
GitHub GitHub @github
Mike West 18 Nov
Replying to @bz_moz
The best time to remove/attenuate quirky behavior is, indeed, several years ago. Second best is today!
Boris 18 Nov
Replying to @mikewest
You have no idea how much time I spent back then trying to convince y'all to remove this, and just getting stonewalled. This is _incredibly_ frustrating, especially since now we bake in EVEN MORE complexity instead of what we should have done all along...