Semiconductor Engineering

DOM-Based Cross-Site Scripting

DOM-based attacks are a misunderstood, serious, and pervasive source of risk in contemporary web applications. The language that drives the web, JavaScript, is easy to understand and hard to master; ...
Dark Reading

Security 101: Cross-Site Scripting

In cyber security, attention is concentrated on the new -- zero-day exploits, for example, are big news and big business. But old threats can still cause big problems for organizations, even when the ...
InfoQ

Experimental Trusted Types API to Combat Cross-Site Scripting Vulnerabilities

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
ZDNet

Google working on new Chrome security feature to 'obliterate DOM XSS'

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...
InfoQ

WICG Publishes New HTML Sanitizer API Proposal against mXSS Attacks

The Web Platform Incubator Community Group recently published the Draft Community Group Report for the HTML Sanitizer API. The HTML Sanitizer API lets developers take untrusted strings of HTML and ...
Threat Post

Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks

Online ad industry moves away from once prolific ads that are now deemed insecure because of DOM-based XSS vulnerabilities. Certain types of online ads that expand, contract and pop-open aren’t just ...
Dark Reading

Gallup Addresses XSS Bugs in Website

Editor's Note: Dark Reading has become aware that a portion of the original Checkmarx research on these vulnerabilities is in dispute, prompting us to retract sections of our reporting below. As ...