@mikewest @arturjanc @sirdarckcat @kkotowicz It seems that most client-side templating systems are bypassable due to "strict-dynamic".
-
-
Most of the PoCs work with reflected XSS too, wouldn't they?
-
I think so too; the reflection is not in the element import, but in the main HTML file.
-
Cool, then it's probably exploitable just like most reflected XSS in Angular apps! :)
-
I see a couple of themes in the bypasses: caches, relative URLs, templating, dangling markup
-
yea, we should be more creative :)
-
We should look into encodings
-
e.g. use the injection to make something a valid script in a weird encoding to steal the nonce.
-
Then use the cache to reuse the nonce.