- From: Eduardo Vela <sirdarckcat@gmail.com>
- Date: Thu, 26 Jan 2017 07:57:27 +0000
- To: "public-web-security@w3.org" <public-web-security@w3.org>
Received on Thursday, 26 January 2017 07:58:11 UTC
Hi In case any of you is interested in XSS mitigations, here's a short proposal of a somewhat new type of XSS mitigation: http://sirdarckcat.blogspot.com/2017/01/fighting-xss-with-isolated-scripts.html There is a prototype implemented as a chrome extension for a demo website. The things I'm mostly interested to hear about are: - Potential adoption concerns by developers - Design-level security flaws in the concept - Ways to simplify the design further - Related but unmitigated vulnerabilities Thank you for your time!
Received on Thursday, 26 January 2017 07:58:11 UTC