LavaMoat / snow
Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License
102 stars, 9 forks
issues
Snow can be bypassed using the Response.prototype.blob function
#159
matanber
opened
4 months ago
2
Snow can be bypassed by creating a Blob URI inside a worker
#158
matanber
opened
4 months ago
7
report from twitter
#157
kumavis
closed
9 months ago
1
Handle Document.prototype.open bypass
#156
weizman
closed
9 months ago
0
Use Object.create correctly to fix bypass
#155
weizman
closed
10 months ago
0
Snow can be bypassed with location.replace
#154
hackvertor
opened
10 months ago
3
Snow can be bypassed with forms and buttons formAction
#153
hackvertor
opened
10 months ago
1
Snow can be bypassed with nested cross-origin frames
#152
deryilz
opened
10 months ago
2
Snow can be bypassed with meta and the HTML sanitizer
#151
hackvertor
opened
10 months ago
1
fix: direct srcdoc assignment bypass
#150
naugtur
opened
11 months ago
0
Snow can be bypassed with native Prototype Pollution
#149
terjanq
opened
11 months ago
1
Snow can be bypassed with polluting NodeList.prototype.length
#148
terjanq
opened
11 months ago
2
Snow can be bypassed with declarative shadow DOM passed as object instead of string
#147
avlidienbrunn
opened
11 months ago
1
Snow can be bypassed with Prototype Pollution
#146
terjanq
closed
10 months ago
1
customElements extends check can be bypassed using a non-string
#145
avlidienbrunn
opened
11 months ago
3
Snow can be bypassed with opener.alert()
#144
terjanq
opened
11 months ago
1
Blob validation in Snow can be bypassed with native object copy
#143
terjanq
opened
11 months ago
2
Snow can be bypassed with race condition
#142
terjanq
opened
11 months ago
1
Snow can be bypassed with inline script
#141
terjanq
opened
11 months ago
4
URL is hooked but webkitURL is not
#140
deryilz
closed
11 months ago
1
Snow can be bypassed with Document.prototype.open
#139
deryilz
closed
9 months ago
2
Snow can be bypassed with iframes and srcdoc
#138
hackvertor
opened
11 months ago
1
[WIP] How can we steer away from relying on CSP for security?
#137
weizman
closed
12 months ago
0
Bypass via nested same-origin iframe
#136
NDevTK
opened
1 year ago
4
Better communicate Snow needs to be implemented in all pages
#135
weizman
closed
1 year ago
0
Release 2.0.1
#134
weizman
closed
1 year ago
0
Snow stops playing nice - security first at the cost of everything else
#133
weizman
closed
1 year ago
1
Snow 2's CSP breaks Snow's inline scripts
#132
mmndaniel
closed
1 year ago
2
Fix demo app after v2 breakage
#131
weizman
closed
1 year ago
0
Can you bypass Snow 2? 🎉
#130
weizman
closed
1 year ago
3
Can you bypass Snow 2? 🎉
#129
weizman
closed
1 year ago
2
Harden Snow iframes clashing and protection
#128
weizman
closed
1 year ago
0
Improper hook of document.open
#127
weizman
closed
1 year ago
0
Fix multiple document.write calls
#126
weizman
closed
1 year ago
0
Fix for JS URI based bypasses
#125
weizman
closed
1 year ago
0
Allow iframes to use top.SNOW properly
#124
weizman
closed
1 year ago
0
Fix for mXSS bypass
#123
weizman
closed
1 year ago
0
Better communicate Snow needs to be implemented in all pages
#122
weizman
closed
1 year ago
1
Fix clash when Snow loads in same origin realm and is also called within it (continue #97)
#121
weizman
closed
1 year ago
0
test ci delete later
#120
weizman
closed
1 year ago
0
document.open hooks with window.open instead of document.open
#119
weizman
closed
1 year ago
1
Enforce Snow integration with CSP
#118
weizman
closed
1 year ago
2
Snow can be bypassed with iframe to different origin which has iframe to top origin
#117
ivars-vids
closed
1 year ago
1
Bypass with multiple doc.write calls
#116
mmndaniel
closed
1 year ago
5
Fix EventTarget prototype abuse vulnerability
#115
weizman
closed
1 year ago
0
Bypass with Function.prototype.call pollution
#114
mmndaniel
closed
1 year ago
2
Fix object proto pollution
#113
mmndaniel
closed
1 year ago
0
Bypass with Object.prototype pollution
#112
mmndaniel
closed
1 year ago
1
Implement is-cross-origin internally so it doesn't throw
#111
weizman
closed
1 year ago
2
Support "unsafes" - unsafely configure Snow to allow non-secure operations
#110
weizman
opened
1 year ago
3