This page documents recurring attack classes that DOMPurify and other DOM-based HTML sanitizers have had to withstand: HTML parser mutation, namespace confusion, rawtext breakouts, depth-limit ...
Cross-Site Scripting (XSS) is a technique that exploits web applications by injecting scripts into pages that users trust, so that malicious code is run in their browsers. This code (typically ...
I am writing to inform you that Camilo Vera and Cristian Vargas, from the Fluid Attacks Research Team, have identified a mXSS via Re-Contextualization in DomPurify 3.3.1. This vulnerability has been ...
I wasted two hours on a dynamic class name bug in Tailwind v4 and regretted having to add XSS protection as an afterthought—that's where I left off last time. This time, I actually tried out ...