The slides of our @BlackHatEvents Talk on XSSI are now online http://goo.gl/39orfD cc @kcotsneb @datenkeller
@slekies @BlackHatEvents @kcotsneb @datenkeller re putting dynamic data in inline scripts: that's also not sooo nice because of XSS auditor
@slekies @BlackHatEvents @kcotsneb @datenkeller in chrome <script>var o={"first":"Foo","last":"Bar"};</script> iirc lets you brute "Foo"
@slekies @BlackHatEvents @kcotsneb @datenkeller if you can detect blocking. iirc the auditor truncates the script body at the comma