Hey, that's a very interesting topic! Thanks for this great article.
I think an additional away to close this XSS gap is to use more strict http headers.
For example you can use "X-Content-Type-Options" to avoid a "Mime-Type Transform" and make it more strict.
I write to better educate myself as I go through CTFs and Bug Bounties. If anything I have written is incorrect, please let me know and send me a link to an article to read to better educate myself.
Location
Seattle
Education
Information Technology BA and Software Engineering Bootcamp Grad
Thanks for the input Ricardo! Using more strict http headers is something that I am actually looking into later one. I've heard about some issues with URL parsing that sounds interesting too. I feel like I keep hearing about serviceworkers lately too and want to look into them more also.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hey, that's a very interesting topic! Thanks for this great article.
I think an additional away to close this XSS gap is to use more strict http headers.
For example you can use "X-Content-Type-Options" to avoid a "Mime-Type Transform" and make it more strict.
developer.mozilla.org/en/docs/Web/...
//Edit
The combination with serviceworker could also be interesting. The Cache API could enable potential MimeType sniffing / ploygot here.
Thanks for the input Ricardo! Using more strict http headers is something that I am actually looking into later one. I've heard about some issues with URL parsing that sounds interesting too. I feel like I keep hearing about serviceworkers lately too and want to look into them more also.