-
HTTP splitting attack in WebGoat is demonstrated on code which is actually
not vulnerable to HTTP splitting itself (at least not in today's common
browsers). This makes it confusing to the st…
-
In order to adequately test the FedCM APIs, we need to be able to set up test instances that do not require certificates. Having a flag for localhost to get around the need for certificates or .well-k…
-
**ID:** RGB_00003.002
**Category:** CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
**Reported by:** Rodrigo Reginato
**Project:** reginato/school-sy…
-
TPAC is coming! We should create an agenda for the two sessions we have (on [23.09.2024](https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/) and [26.09.2024](https://www.w3.org/e…
-
This was mentioned as part of a security bug report for a user content domain that is capable of serving arbitrary user files.
We serve various headers for security, such as a restrictive Content-S…
-
This proposal only covers async localStorage at the moment, leaving its less common sibling sessionStorage unmentioned. Nevertheless I occasionally see those who recommend using it for handling tempor…
Zirro updated
5 years ago
-
Could we consider decoupling `<style>` and `style="..."` usage in `style-src 'unsafe-inline'` CSP setup?
The rationale is that as far as I am aware `style="..."` has no modern security issues in CSP support…
-
Please confirm that:
* [x] You have read and understood the [requirements for registration](https://www.ietf.org/archive/id/draft-ietf-httpbis-semantics-19.html#name-field-extensibility).
* [x] Yo…