[Security] exploiting vulnerable holes with DICSS

Open jameslaydigital opened this issue 10 years ago • 1 comments

Unlike CSS et al, requesting DICSS from untrusted origins opens opportunities for infection. CDNs that offer shared DICSS are also likely vectors for infection. We need to discuss ways to mitigate the consequences of cross-site injection.

XSS attacks can easily lead to sack overflows. Even with non-blocking DICSS, the application will freeze. Additionally, sometimes DICSS is susceptible to general insecurities after a denial of service.

jameslaydigital, May 30 '15 18:05

Use ConDOMs (Content Delivery Origin Managers)

assertnotnull, Oct 19 '15 14:10