## About

I have not really mastered this concept yet. mXSS is my introduction to reading the HTML specs. I will consider myself to somewhat understand the concept once I find an mXSS bug. This page is mainly to park some important research in mXSS that I find very interesting.

## Research

- S1r1us mXSS Explained series: Part 1 and Part 2. His GitHub MXSS repository also contains a lot of insights.
- mXSS cheatsheet (to save some sanity reading HTML specs)
- SecurityMB DOMPurify 2.
## Why this research?

I stumbled upon this tweet by ixSly about a vulnerability in a code snippet found in Outline.
You can try to figure out the vulnerability here by yourself:
```javascript
/// userInput is user input (the URL string submitted for embedding)
/// CSP: "script-src gist.github.com"
const userUrl = new URL(userInput);

// Only https URLs whose host is exactly gist.github.com are accepted.
if (userUrl.host === "gist.github.com" && userUrl.protocol === "https:") {
  // The second path segment (/<user>/<id>) is taken as the gist ID.
  const gistId = userUrl.pathname.split("/")[2];

  // The gist ID is interpolated into the embed script URL, which is then
  // interpolated into the src attribute of the <script> tag served to the client.
  const embedScriptUrl = `https://gist.github.com/${gistId}.js`;
  ctx.body = `
    <html>
      <body>
        <script type="text/javascript" src="${embedScriptUrl}"></script>
      </body>
    </html>
  `;
}
```

GitHub Gist JSONP endpoint

I thought this was some bypass to “escape” the src quote of the script.