XSS on Google Search - Sanitizing HTML in The Client?





Published on Mar 31, 2019

An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript-enabled and a JavaScript-disabled context.

The fix: https://github.com/google/closure-lib...

-=[ ā¤ļø Support ]=-

ā†’ per Video: https://www.patreon.com/join/liveover...
ā†’ per Month: https://www.youtube.com/channel/UClcE...

-=[ šŸ”“ Stuff I use ]=-

ā†’ Microphone:* https://amzn.to/2LW6ldx
ā†’ Graphics tablet:* https://amzn.to/2C8djYj
ā†’ Camera#1 for streaming:* https://amzn.to/2SJ66VM
ā†’ Lens for streaming:* https://amzn.to/2CdG31I
ā†’ Connect Camera#1 to PC:* https://amzn.to/2VDRhWj
ā†’ Camera#2 for electronics:* https://amzn.to/2LWxehv
ā†’ Lens for macro shots:* https://amzn.to/2C5tXrw
ā†’ Keyboard:* https://amzn.to/2LZgCFD
ā†’ Headphones:* https://amzn.to/2M2KhxW

-=[ šŸ• Social ]=-

ā†’ Twitter: https://twitter.com/LiveOverflow/
ā†’ Website: https://liveoverflow.com/
ā†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
ā†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ šŸ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.

