Рет қаралды 162,708
... and use alert(document.domain) or alert(window.origin) instead.
Blog post: liveoverflow.com/do-not-use-a...
Sponsored by Google for their Bug Hunter University: bughunters.google.com/learn/i...
00:00 - Intro
00:47 - Why Do We Use Alert(1) for XSS?
02:25 - alert(1) Popup is NOT Proof of a Vulnerability!
03:07 - Invalid XSS Example 1 on Blogger
04:43 - Sandbox Subdomains
06:27 - Sandboxed iframes
08:29 - Invalid XSS Example 2 on Google Sites
09:50 - Why Should You Care About Invalid XSS Issues?
10:55 - Summary
11:55 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow