XSS on Google Search - Sanitizing HTML in The Client?
2019-03-31
[public] 635K views, 16.8K likes, 259 dislikes audio only
An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript enabled and disabled context.
The fix: https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa
=[ ā¤ļø Support ]=
ā per Video: https://www.patreon.com/join/liveoverflow
ā per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
=[ š Social ]=
ā Twitter: https://twitter.com/LiveOverflow/
ā Website: https://liveoverflow.com/
ā Subreddit: https://www.reddit.com/r/LiveOverflow/
ā Facebook: https://www.facebook.com/LiveOverflow/
Background
/youtube/video/lG7U3fuNw3A?t=44
/youtube/video/lG7U3fuNw3A?t=44
The Problem
/youtube/video/lG7U3fuNw3A?t=112
/youtube/video/lG7U3fuNw3A?t=112
Clientside Sanitation
/youtube/video/lG7U3fuNw3A?t=335
/youtube/video/lG7U3fuNw3A?t=335
Google XSS Quirk
/youtube/video/lG7U3fuNw3A?t=468
/youtube/video/lG7U3fuNw3A?t=468
Debugging
/youtube/video/lG7U3fuNw3A?t=606
/youtube/video/lG7U3fuNw3A?t=606
The root cause
/youtube/video/lG7U3fuNw3A?t=661
/youtube/video/lG7U3fuNw3A?t=661
LiveOverflow just a wannabe hacker... making videos about various IT security topics and participating in hacking competitions.
-=[ ā¤ļø Support me ]=-
Patreon per Video: https://www.patreon.com/join/liveoverflow
YouTube Membership per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ š Imprint ]=-
Security Flag GmbH
Celsiusstr. 72
12207 Berlin
Germany
/youtube/channel/UClcE-kVhqyiHCcjYwcpfj9w
/youtube/channel/UClcE-kVhqyiHCcjYwcpfj9w
Iām moving, no videos sorry 17,489 views
/youtube/video/9CS3q0uG1LI
/youtube/video/9CS3q0uG1LI
Patreon patreon.com
https://www.patreon.com/join/liveoverflow
https://www.patreon.com/join/liveoverflow
Identifying Good Research to actually Learn Something - Cross-site Scripting 170,089 views
/youtube/video/eQFbG6CwwdI
/youtube/video/eQFbG6CwwdI