How to Bypass CSP by Hiding JavaScript in a PNG Image

Hide a malicious JavaScript library in a PNG image and tweet it, then include it in a vulnerable website by exploiting an XSS, bypassing its Content-Security-Policy (CSP).

Similar

I have been underestimating JavaScript

I wasn’t a huge fan of JavaScript in general and NodeJS in particular. I was usually more fond of other lower-level languages such as Go or Rust. I mistakenly thought JavaScript and NodeJS couldn’t give me the low-level control I usually want in order to ...
