Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild
The Morning Paper
APRIL 9, 2019
Does your web application make use of local storage? If so, then like many developers you may well be making the assumption that when you read from local storage, it will only contain the data that you put there. There are two basic requirements for a storage-based XSS attack. As Steffens et al. no sanitisation) at a sink.
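Added example, not from the original post or the paper: one way to treat values read from local storage as untrusted input, with the weak pattern beside a validated and escaped one. The key name, the record shape and the in-memory storage stand-in are assumptions so that it runs under Node without a browser.

```javascript
// Added example. The key name, the record shape and the in-memory storage
// stand-in are assumptions so the code runs under Node without a browser.
const KEY = "profile";                       // hypothetical storage key
const ALLOWED_THEMES = new Set(["light", "dark"]);

// Minimal stand-in for window.localStorage (getItem/setItem only).
function makeStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Escape text for an HTML element-content or quoted-attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Weak pattern: the stored value is assumed to be what the app wrote.
function renderUnsafe(storage) {
  const p = JSON.parse(storage.getItem(KEY));
  return `<div class="${p.theme}">Hello, ${p.name}</div>`;
}

// Hardened: parse defensively, validate each field, escape at output.
function renderSafe(storage) {
  let p;
  try { p = JSON.parse(storage.getItem(KEY)); } catch { p = null; }
  if (p === null || typeof p !== "object") p = {};
  const theme = ALLOWED_THEMES.has(p.theme) ? p.theme : "light";
  const name = typeof p.name === "string" ? p.name.slice(0, 64) : "guest";
  return `<div class="${theme}">Hello, ${escapeHtml(name)}</div>`;
}

// Constructed sample: a record the application did not write itself.
const tampered = makeStorage({
  [KEY]: JSON.stringify({ theme: 'x"><i>', name: "<script>/*constructed*/</script>" }),
});
```

In a browser the same checks apply to the string returned by `localStorage.getItem` before it reaches `innerHTML`, `document.write` or `eval`.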