thespanner.co.uk

The Spanner

Latest posts

Last updated over 6 years ago

Rewriting relative urls with the base tag in Safari

over 6 years ago

I tweeted this a while ago but Twitter sucks when it comes...

Bypassing DOMPurify with mXSS

over 6 years ago

I noticed DOMPurify would let you use the title tag when injecting...

New IE mutation vector

over 9 years ago

I was messing around with a filter that didn’t correctly filter attribute...

How I smashed MentalJS

over 9 years ago

I’m proud to introduce a guest blogger on The Spanner. Jann Horn...

MentalJS DOM bypass

over 9 years ago

Ruben Ventura (@tr3w_) found a pretty cool bypass of MentalJS. He used...

Another XSS auditor bypass

almost 10 years ago

This bug is similar to the last one I posted but executes...

XSS Auditor bypass

almost 10 years ago

XSS Auditor is getting pretty good at least in the tests I...

Bypassing the IE XSS filter

almost 10 years ago

Mario noticed that the new version of the IE filter blocks anchors...

Unbreakable filter

about 10 years ago

I was bored so I thought I’d take a look at Ashar’s...

MentalJS bypasses

over 10 years ago

I managed to find time to fix a couple of MentalJS bypasses...

mXSS

over 10 years ago

Mutation XSS was coined by me and Mario Heiderich to describe an...

Java Serialization

over 10 years ago

In this post I will explore Java serialized applets and how they...