DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: https://cure53.de/purify
javascript  security  xss  dom  filter  opensource 
january 2016 by raphman
Python Webkit DOM Bindings
The Python Webkit DOM Project makes python a full peer of javascript when
it comes to accessing and manipulating the full features available to
Webkit, such as HTML5. Everything that can be done with javascript,
such as getElementsByTagName and appendChild, event callbacks through
onclick, timeout callbacks through window.setTimeout, and even AJAX
using XMLHttpRequest, can also be done from python.
dom  python  webkit  framework 
march 2012 by raphman
lcamtuf's blog: Announcing cross_fuzz, a potential 0-day in circulation, and more
I am happy to announce the availability of cross_fuzz - an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market - many of said bugs exploitable - and is still finding more.

The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across multiple documents, inspecting returned objects, recursing into them, and creating circular node references that stress-test garbage collection mechanisms.
fuzzing  browser  security  javascript  dom  exploit  web 
january 2011 by raphman

