LavaMoat / snow

Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License

report from twitter #157

Closed kumavis closed 7 months ago

kumavis commented 7 months ago
```js
i = document.createElement('iframe');
document.body.append(i);
setInterval(x => i.contentWindow.prompt(1));
i.contentWindow.location.replace(123);
```

While alert is blocked in source code by default, prompts work like a charm.

> > There are more ways to do this; also, a base64-based payload is triggered straight

https://twitter.com/H4xorzz

weizman commented 7 months ago

Yea that's not really what snow is about.. the alert patch is just for demonstration, it's not really about patching alert specifically. As for the interval trick, this is a dup.