Overview
Explore a 20-minute conference talk from USENIX Enigma 2016 that delves into the challenges of Cross-Site Scripting (XSS) filtering in modern web applications. Learn about the limitations of server-side and browser-side XSS filters, and discover why DOM-based sanitation is crucial for applications working offline, using encryption, or communicating peer-to-peer. Understand the technical challenges posed by DOM Clobbering attacks and their impact on XSS filters. Gain insights into a two-part solution that addresses these issues, including a methodology to defend against DOM Clobbering and an efficient JavaScript-based XSS filter implementation. Examine the proof-of-concept tool DOMPurify and its potential applications in various browser environments.
Syllabus
USENIX Enigma 2016 - ToStaticHTML for Everyone! About DOMPurify, ...
Taught by
USENIX Enigma Conference