issues
search
LavaMoat
/
snow
Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License
100
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Is Snow useless without CSP?
#109
weizman
closed
1 year ago
2
Handle mXSS bypass
#108
weizman
closed
1 year ago
1
Add a cmd to workflow to make sure PRs remember to add changes to dist snow files
#107
weizman
closed
1 year ago
1
Fix issue 91
#106
mmndaniel
closed
1 year ago
7
Fix Blob and URL creation behaviour
#105
weizman
closed
1 year ago
0
Forbid srcdoc frames with inner CSP meta tag
#104
weizman
closed
1 year ago
6
Hook inserter Range insertNode
#103
weizman
closed
1 year ago
0
Detect trusted HTMLs more safely
#102
weizman
closed
1 year ago
0
Handle new doc static iframes (e.g. in srcdoc)
#101
weizman
closed
1 year ago
0
Bump chrome driver version 112 to 114
#100
weizman
closed
1 year ago
0
Fix vulnerability in chromium bug workaround
#99
weizman
closed
1 year ago
0
Bypass using by making contentWindow to throw an exception
#98
mmndaniel
closed
1 year ago
3
Attempt to solve snow clash when snow protected page opens itself
#97
weizman
closed
1 year ago
1
Bypass using object with no contentWindow
#96
mmndaniel
closed
1 year ago
11
Bypass using trusted HTML type confusion
#95
mmndaniel
closed
1 year ago
3
Bypass using CSP
#94
mmndaniel
closed
1 year ago
2
Bypass using nested iframe
#93
mmndaniel
closed
1 year ago
4
Bypass using iframe sandbox
#92
mmndaniel
closed
1 year ago
1
Bypass using mXSS
#91
mmndaniel
closed
1 year ago
6
Bypass using trusted types default policy
#90
mmndaniel
closed
1 year ago
2
Hook Workers to appropriately treat Blobs completely
#89
weizman
closed
1 year ago
1
Improve Blob/File/MediaSource handling
#88
weizman
closed
1 year ago
6
Blob override is not good enough and clashes with whatwg-fetch npm package
#87
weizman
closed
1 year ago
2
Bypass with Range.insertNode
#86
mmndaniel
closed
1 year ago
2
Tests infra improvement
#85
weizman
closed
1 year ago
0
Child frames are overlooked inside opened windows
#84
weizman
closed
1 year ago
0
Open window, than open iframe seems to bypass Snow
#83
weizman
closed
1 year ago
1
attempt to solve snow clash when snow protected page opens itself
#82
weizman
closed
1 year ago
1
Clash when snow protected page opens itself
#81
weizman
closed
1 year ago
0
more javascript uri bypasses with target attr
#80
arxenix
closed
1 year ago
5
Add support for documentPictureInPicture.requestWindow (new chrome feature)
#79
weizman
closed
1 year ago
0
Demo has insecure implementation
#78
NDevTK
closed
1 year ago
1
documentPictureInPicture bypasses snow
#77
NDevTK
closed
1 year ago
6
Release 2.0.0
#76
weizman
closed
1 year ago
0
Parsing html with template element misses on framesets
#75
weizman
closed
1 year ago
0
Snow can be bypassed with frameSet
#74
magicmac
closed
1 year ago
3
Snow can be bypassed with ...data: URI
#73
magicmac
closed
11 months ago
10
Handle non existing descriptors
#72
weizman
closed
1 year ago
0
Support multiple callbacks to Snow
#71
weizman
closed
1 year ago
0
Improve README and introduce self-xss challenge
#70
weizman
closed
1 year ago
0
Disable creation of URL objects out of Blob/File
#69
weizman
closed
1 year ago
0
Snow can be bypassed with postMessage from iframe by accessing event.source and event.currentTarget
#68
rwaldron
closed
1 year ago
3
Snow can be bypassed with window.parent.alert(...)
#67
rwaldron
closed
1 year ago
2
Release 1.5.0
#66
weizman
closed
1 year ago
0
Protect document.open too
#65
weizman
closed
1 year ago
0
Snow can be bypassed with document.open('', '', '')
#64
rwaldron
closed
1 year ago
2
Release 1.4.1
#63
weizman
closed
1 year ago
0
Fix Firefox event listeners issue
#62
weizman
closed
1 year ago
0
Firefox does not respect addEventListener calls made with EventTarget of a detached realm
#61
weizman
closed
1 year ago
1
Release 1.4.0
#60
weizman
closed
1 year ago
0
Previous
Next