issues
search
LavaMoat
/
snow
Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License
102
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Old Snow tests show Snow vulnerability on Firefox
#59
weizman
closed
1 year ago
3
Firefox tests fail to run document.write calls
#58
weizman
closed
1 year ago
2
Custom elements are vulnerable
#57
weizman
closed
1 year ago
1
Custom elements are still vulnerable
#56
weizman
closed
1 year ago
1
Fix for bad html handling found on TikTok
#55
weizman
closed
1 year ago
0
Bug in JSON parsing on TikTok caused by Snow
#54
weizman
closed
1 year ago
1
Add Firefox support attempt
#53
weizman
closed
1 year ago
0
Secret random is weak and predictable
#52
weizman
closed
1 year ago
0
Make findWin function recursive
#51
weizman
closed
1 year ago
0
Use snow top util instead of passing callbacks
#50
weizman
closed
1 year ago
0
Allow snow overrides to be configurable
#49
weizman
closed
1 year ago
0
Handle srcdoc and javascript correctly
#48
weizman
closed
1 year ago
0
Hook to html onloads
#47
weizman
closed
1 year ago
0
Disable declarative shadows through html strings
#46
weizman
closed
1 year ago
0
[WIP] Hook URL object creation
#45
weizman
closed
1 year ago
6
Bypass Snow via declarative shadow DOM
#44
arxenix
closed
1 year ago
3
Bypasses via Blob URIs
#43
arxenix
closed
1 year ago
6
Add Safari support
#42
weizman
closed
1 year ago
0
Use function scoping in tests
#41
weizman
closed
1 year ago
0
Fix issue 39
#40
weizman
closed
1 year ago
0
Hooks for "addEventListener" and "removeEventListener" are wrongly depending on "this"
#39
weizman
closed
1 year ago
1
Restore usage of open API safely
#38
weizman
closed
1 year ago
0
Question about securely vs endo
#37
tgrecojs
closed
1 year ago
3
Remove Securely dependency
#36
weizman
closed
1 year ago
0
wrap snow build with use strict
#35
weizman
closed
1 year ago
0
Stop running securely more than once, top window only
#34
weizman
closed
1 year ago
0
Current window marking technique may cause an infinite loop
#33
weizman
closed
1 year ago
1
Figure out how or whether should Snow deal with wrapping of html string iframe onload attributes
#32
weizman
closed
1 year ago
1
better handle blocking of open api
#31
weizman
closed
2 years ago
0
Fix: Snow can be bypassed with srcdoc prop of iframe
#30
weizman
closed
2 years ago
0
Snow can be bypassed with iframe.srcdoc prop
#29
weizman
closed
2 years ago
0
improve marking and add tests to secure it
#28
weizman
closed
2 years ago
0
v1.1.0
#27
weizman
closed
2 years ago
0
Snow over processes windows (issue #24)
#26
weizman
closed
2 years ago
0
No more direct prop access with Securely (issue #23)
#25
weizman
closed
2 years ago
0
Figure out a clever way how to not rerun snow on the same window more than once
#24
weizman
closed
2 years ago
9
Better use Securely or implement self natives manager
#23
weizman
closed
1 year ago
1
Fix: Snow can be bypassed with custom elements connectedCallback (issue #12)
#22
weizman
closed
2 years ago
0
Fix: Snow can be bypassed with shadow DOMs (issue #10)
#21
weizman
closed
2 years ago
0
Fix: Snow can be bypassed with setting Symbol.toStringTag (issue #9)
#20
weizman
closed
2 years ago
0
Fix: Snow breaks the spec with shadow dom (issue #11)
#19
weizman
closed
2 years ago
0
Fix: Snow breaks the spec with add/remove event listener (issue #13)
#18
weizman
closed
2 years ago
0
Fix: Snow can be bypassed with TrustedHTML (issue #16)
#17
weizman
closed
2 years ago
0
Snow can be bypassed with a TrustedHTML node
#16
weizman
closed
2 years ago
0
Fix: Snow can be bypassed by redefining indexed properties (issue #8)
#15
weizman
closed
2 years ago
0
[DRAFT] Issue 8 fix (will change title and add details soon)
#14
weizman
closed
2 years ago
1
Snow breaks the spec regarding {add/remove}EventListener
#13
weizman
closed
2 years ago
0
Snow can be bypassed with custom elements connectedCallback (no shadow dom)
#12
benjamingr
closed
2 years ago
0
Snow fails to support compatibility with Shadow DOM
#11
weizman
closed
2 years ago
1
Snow can be bypassed with custom elements and shadow DOM
#10
benjamingr
closed
2 years ago
1
Previous
Next