-
When CSP is on Modernizr can accidently crash entire app (when Modernizr comes as part of app file).
termi updated
6 years ago
-
CSP violation reports sent when browser blocks `eval()` and inline script are identical in their contents, which makes it difficult to determine what really caused them.
In both cases the fields `vi…
-
It is unclear how to distinguish between: no credentials versus user dismisses login window (clicks X)
In this example the else if statement is triggerd for both
- no credentials stored
- or when unm…
-
As per my message to [blink-dev](https://groups.google.com/a/chromium.org/d/msg/blink-dev/nRNPNwlRS6E/nKWyk2XOAgAJ) I have strong concerns with this feature allowing compositor animations but disallow…
-
```
HTTP splitting attack in WebGoat is demonstrated on a code, which is actually
not vulnerable to HTTP splitting itself (at least not in common today's
browsers). This makes it confusing to the st…
-
```
HTTP splitting attack in WebGoat is demonstrated on a code, which is actually
not vulnerable to HTTP splitting itself (at least not in common today's
browsers). This makes it confusing to the st…
-
```
HTTP splitting attack in WebGoat is demonstrated on a code, which is actually
not vulnerable to HTTP splitting itself (at least not in common today's
browsers). This makes it confusing to the st…
-
```
HTTP splitting attack in WebGoat is demonstrated on a code, which is actually
not vulnerable to HTTP splitting itself (at least not in common today's
browsers). This makes it confusing to the st…
-
Currently, to post the request with credential for authentication, the site needs to initialise the request with the opaque PasswordCredential object. The goal is to avoid leaking the credential to th…
-
Considering the removal of `` on issue #331.
For me, the main feature of `@seamless` was the ability for the `iframe` to resize based on the size of the child document (really just the height), so no…