Today's topic is attacks against the browser's XSS filter. The XSS filter is a security feature built into browsers. It aims to reduce the risk of actual exploitation when web applications are vulnerable to XSS. The filter is regarded as a “best-effort second line of defense”. This means the filter is not expected to block 100% of attacks in the first place. The “first line” here is conventional security meas
![Information theft attacks abusing browser's XSS filter | Engineers' Blog | 三井物産セキュアディレクション株式会社](https://cdn-ak-scissors.b.st-hatena.com/image/square/e4185a50ada74e105ab77ee965ab4c5bf20c8c1f/height=288;version=1;width=512/https%3A%2F%2Fwww.mbsd.jp%2Fassets%2Fimages%2Fthumbnails%2Fthumb_research_20160407_01.png)