Krzysztof Kotowicz
I've added simple, extensible functionality to tamper with server responses before they are sent to client. It's optional, you can have your own classes implementing the tampering and configure them...
Not a bug; just a suggestion, as we've had similar ideas to detect DOM XSSes. Since TTT is a Chrome extension, and is a tool for pentesters/bughunters, you might use...
This calls the get Trusted Types-compliant attribute value algorithm from Trusted Types (https://github.com/w3c/trusted-types/pull/418) from attribute's change, append, and replace. Changed the signature of `setAttribute` and `setAttributeNS` to accept Trusted Types...
* https://wpt.fyi/results/trusted-types/block-string-assignment-to-Element-setAttribute.html needs
  * test with an attribute (e.g. HTML's `srcdoc`) node created in a different realm. It should be rejected when imported and added to an iframe in the...
`trusted-script` keyword [is used](https://wicg.github.io/trusted-types/dist/spec/index.html#trusted-script-csp-keyword) now for `javascript:` navigations and `eval` guarding. Since we've integrated with CSP logic, perhaps the keyword is now superfluous? If a website uses `eval` or `javascript:`...
Resolves #10.
Entry criteria for stage 3:
- [x] complete [spec text](https://tc39.es/proposal-array-is-template-object/)
- [ ] designated reviewers signoff
- [x] all ECMAscript reviewers signoff
Dynamic import - for the web platform - is a DOM XSS execution sink (à la eval). Unlike static import, its value cannot be determined statically, and the websites have no...
This is regarding the discussion in #17773. React-DOM currently stringifies DOM attribute values before passing them to `Element.setAttribute(NS)` functions. This might be unnecessary, as these functions implicitly stringify attribute values...
When generating ECDSA/ECDH keys OpenKeyChain uses SHA256 as a digest algorithm for UserID/Subkey binding signatures. Instead, a hash algo matching the curve should be chosen (see https://tools.ietf.org/html/rfc6637#section-13) not to reduce...