While filling out the Malaysian digital landing card stuff, I noticed the infosec equivalent of the snake from Adam and Eve offering me to possibly explore cyber-crimes to a country I am about to visit. (I didn't check)
nblr@chaos.social
replied 02 Mar 2025 12:24 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/wYwNk3nBjtcsGWnr32
@benjojo #SoYouDontHaveTo edit: it even removes HTML tags, and of all the tags I tested, the only other one that leads to a "page blocked" is <marquee> (-:
It's ok with most content but does not like <script>
benjojo
replied 02 Mar 2025 12:29 +0000
in reply to: https://chaos.social/users/nblr/statuses/114092819373524858
@nblr "nice". Given how XSS typically goes (and _boy_ do I know, given I was the single WAF guy at Cloudflare from ~2015-2017), I bet there is some funny XSS golf that would work here. Back then, every time I wrote some XSS WAF patch there was a rat race to discover some new, innovative, and cursed way browsers can run JavaScript.
rcombs@social.treeho..
replied 02 Mar 2025 14:08 +0000
in reply to: https://chaos.social/users/nblr/statuses/114092819373524858
lare@mastodon.lare.c..
replied 02 Mar 2025 14:19 +0000
in reply to: https://chaos.social/users/nblr/statuses/114092819373524858
jamesog@mastodon.soc..
replied 02 Mar 2025 16:13 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/wYwNk3nBjtcsGWnr32
benjojo
replied 02 Mar 2025 16:47 +0000
in reply to: https://mastodon.social/users/jamesog/statuses/114093720191857112
m@lgbtqia.space
replied 02 Mar 2025 12:18 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/wYwNk3nBjtcsGWnr32