reactbris / meetup

The monthly ReactBris meetup, sponsored by Outfit, Askable and Rexlabs ❤️
https://reactbris.org/

XSS and React: The on and off relationships that we should stop. #85

Closed S5041RT41 closed 4 years ago

S5041RT41 commented 5 years ago

Summary of talk

Before version 0.14.0, every release of React was vulnerable to Cross-Site Scripting (XSS) attacks. Refer to Snyk (https://snyk.io/vuln/npm:react). Since that version was released, we can see that XSS regularly comes back in pre-release versions but doesn't make it to the actual release (God bless). So, why is it so difficult to "split them up"?

The main motivations behind the talk are:

  1. Show how much damage this vulnerability can cause.
  2. Forewarned is forearmed: show how to exploit it, so that we know what to expect and can prevent it.
  3. Talk about potential methods of mitigation.
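The contrast the talk summary points at (the default React path that escapes text versus the opt-out that does not) can be shown without a browser. The block below is an added example, not code from this issue thread, from ReactBris or from the React project: the `escapeTextForBrowser` helper reimplements the five replacements React's DOM renderer applies to string children, the two `renderComment*` functions and `containsActiveContent` are hypothetical names chosen for the illustration, and the attacker payload is constructed.

```javascript
// Added example for the XSS-and-React topic above; not code from the issue
// thread, from ReactBris, or from the React project.

// React escapes string children before they reach the DOM. This helper
// applies the same five replacements React's renderer uses (& < > " ') so the
// behaviour can be shown in plain Node.js, without the react package.
function escapeTextForBrowser(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed attacker input: a comment body that carries an event handler.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Default React path: the markup produced by <p>{comment}</p>.
// The payload is rendered as literal text, so no element or handler is created.
function renderCommentSafe(comment) {
  return `<p>${escapeTextForBrowser(comment)}</p>`;
}

// Opt-out path: the markup produced by
// <p dangerouslySetInnerHTML={{ __html: comment }} />.
// React trusts the string as-is, so the handler lands in the DOM.
function renderCommentDangerous(comment) {
  return `<p>${comment}</p>`;
}

// Cheap triage check for rendered markup: does it contain something the
// browser would execute? Looks for script tags, inline event handlers and
// javascript: URLs inside tags, not in escaped text. This is a heuristic for
// tests and code review, not a sanitiser.
function containsActiveContent(html) {
  const active =
    /<script\b|<[^>]*\son[a-z]+\s*=|<[^>]*\b(?:href|src)\s*=\s*["']?\s*javascript:/i;
  return active.test(html);
}

// Stand-alone demonstration.
console.log('safe      :', renderCommentSafe(PAYLOAD));
console.log('dangerous :', renderCommentDangerous(PAYLOAD));
console.log('active?   :', containsActiveContent(renderCommentSafe(PAYLOAD)),
  containsActiveContent(renderCommentDangerous(PAYLOAD)));
```

The safe path never needs a sanitiser because the payload can only ever become text; the dangerous path needs an allow-list HTML sanitiser (DOMPurify or equivalent) run on `comment` before it reaches `__html`, and the triage regex is only useful for catching the cases where that step was forgotten.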
S5041RT41 commented 5 years ago

Hey, @loklaan! :) Not sure if I put the correct label but I would love to present this topic (if it's of interest, of course ¯\_(ツ)_/¯).

loklaan commented 5 years ago

Hey @S5041RT41! I've been on holiday, hope you're ok with a late reply!

This talk sounds very interesting, I'm sure the folks who come to the meetups would like it both for info and entertainment (as demoing exploits is always fun 😆).

Would you be available to talk at the October event? 😄

I usually try to give early feedback on volunteered talks, but yours looks well rounded to me!

S5041RT41 commented 5 years ago

Hi, @loklaan. Hope you've had a blast on holiday! 😄 😎 October works very well for me 👍 A shame you won't be there 😢 But hope everything goes fabulous in London!

loklaan commented 5 years ago

> October works very well for me 👍

👏 Brilliant! Tom will be made aware of this.

> A shame you won't be there 😢 But hope everything goes fabulous in London!

Aw thanks! I'll hear about it through the grapevine though hehe.
One other thing we need from ya too is deanonymization - folks need to know who is presenting. 😉

Add your details to the issue summary when you're ready.

iamtommcc commented 5 years ago

Hi @S5041RT41, taking over from the magnificent Lochie who is now living it up in London (lucky guy).

Would you still be down to deliver this talk in a 20-30 minute slot on the 21st of October? Because we'd love to have you! Topic sounds incredibly interesting and we definitely haven't had many security-focused talks at ReactBris before.

If you are still keen, as Loch mentioned you'll need to deanonymize yourself for this one (just providing your full name is fine).

S5041RT41 commented 5 years ago

Hello, @iamtommcc :) Sorry for the delay! Yes, I'm still (very) keen on presenting on the 21st. And my real name is Elizaveta Konovalova ;)