
thespanner.co.uk

The Spanner


Latest posts

Last updated about 6 years ago

Rewriting relative urls with the base tag in Safari

about 6 years ago

I tweeted this a while ago but Twitter sucks when it comes...

Bypassing DOMPurify with mXSS

about 6 years ago

I noticed DOMPurify would let you use the title tag when injecting...

New IE mutation vector

over 9 years ago

I was messing around with a filter that didn’t correctly filter attribute...

How I smashed MentalJS

over 9 years ago

I’m proud to introduce a guest blogger on The Spanner. Jann Horn...

MentalJS DOM bypass

over 9 years ago

Ruben Ventura (@tr3w_) found a pretty cool bypass of MentalJS. He used...

Another XSS auditor bypass

over 9 years ago

This bug is similar to the last one I posted but executes...

XSS Auditor bypass

over 9 years ago

XSS Auditor is getting pretty good at least in the tests I...

Bypassing the IE XSS filter

over 9 years ago

Mario noticed that the new version of the IE filter blocks anchors...

Unbreakable filter

almost 10 years ago

I was bored so I thought I’d take a look at Ashar’s...

MentalJS bypasses

about 10 years ago

I managed to find time to fix a couple of MentalJS bypasses...

mXSS

over 10 years ago

Mutation XSS was coined by me and Mario Heiderich to describe an...

Java Serialization

over 10 years ago

In this post I will explore Java serialized applets and how they...