weizman

icon indicating a website link https://weizmangal.com/ icon indicating an email [email protected]

icon company @MetaMask icon location Israel icon location browser javascript security @MetaMask @LavaMoat

Results 15 comments of weizman

customElements extends check can be bypassed using a non-string

Very nice, very creative and well explained - thank you @avlidienbrunn! Did some research, not gonna be able to address this atm, leaving some extra conclusions for now: ```javascript a...

Support "unsafes" - unsafely configure Snow to allow non-secure operations

Great question. Currently, it's one of the two. I'm wondering if to split it to either: * lax or strict - where lax is "snow gives up on anything that...

Support "unsafes" - unsafely configure Snow to allow non-secure operations

Now that #133 is about to be merged, this issue gets a different spin. We might want Snow to accept "unsafes" with which the user can request to unsafely allow...

Bypass via nested same-origin iframe

In a world where: * JS runtime protections tools are popular; * Google uses such a tool (call it X); * Naturally, X is vulnerable to the same origin problem...

Realms Initialization Control

Hi @annevk, thanks for your feedback, sorry for taking a while, we spent most of that time to circle with experts to address your concerns the best way possible, by...