Channel: Uncategorized – The Spanner
Browsing all 6 articles

Safari needs fixing!

I’ve informed Apple of a serious Safari problem a few months ago and still they haven’t fixed it. I have decided to release a demo of how Safari will allow cross domain javascript access. I think this...

I’m having a baby girl

I’m sorry but I’m so proud and so drunk that I had to tell the world!

Three-Strikes and you’re DOSd

You may have heard about the Three-Strikes law proposal that has been suggested as a way to end copyright infringement. If you think about it for a minute, it could be the ultimate way to create a DOS...

Jump off a bridge specification

RFC Editor USC/ISI Jan 2011 Official Jump off a bridge protocol standards Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any...

RPO

Relative VS Absolute RPO (Relative Path Overwrite) is a technique to take advantage of relative URLs by overwriting their target file. To understand the technique we must first look into the...

Bypassing DOMPurify with mXSS

I noticed DOMPurify would let you use the title tag when injecting a self closing SVG. Normally it blocks title outside of SVG however using the self closing trick you could bypass that restriction....
