Research
You can find some of my research on the blog. Some research is hosted on external sources though. You can find references in the list below:
- HTML - a mutating beast
- Helping secure DOMPurify
- Mutation XSS via namespace confusion - DOMPurify < 2.0.17 bypass
- Prototype pollution - and bypassing client-side HTML sanitizers
- HTML sanitization bypass in Ruby Sanitize < 5.2.1
- Marginwidth/marginheight - the unexpected cross-origin communication channel
- The Curious Case of Copy & Paste - on risks of pasting arbitrary content in browsers
- CSS data exfiltration in Firefox via a single injection point
- XSS in GMail’s AMP4Email via DOM Clobbering
- Exploiting prototype pollution - RCE in Kibana (CVE-2019-7609)
- Write-up of DOMPurify 2.0.0 bypass using mutation XSS
- Server Side Template Injection - on the example of Pebble
- Security analysis of the <portal> element
Videos
I have also recorded some videos and talks:
- The Curious Case of Copy and Paste
- A word about DOMPurify bypasses a.k.a why DOM parsing is crazy
- CONFidence 2018: XSS in Google’s application and bypassing CSP
- The magic of XSS not only in web applications
Slides
List of published slides: