[langsec-discuss] WYSINWYG - a (mostly) langsec vulnerability category

Will Sargent will.sargent at gmail.com
Tue Dec 2 19:17:03 UTC 2014


Long been a fan, although it's very browser specific:

https://www.goodreads.com/review/show/772965291?book_show_action=false

The mitigation chapter of Web Application Obfuscation is also good:

https://www.goodreads.com/book/show/9231318-web-application-obfuscation

Will. 


On Tuesday, December 2, 2014 at 11:11 AM, travis+ml-langsec at subspacefield.org wrote:

> On Tue, Dec 02, 2014 at 10:01:09AM -0800, travis+ml-langsec at subspacefield.org (mailto:travis+ml-langsec at subspacefield.org) wrote:
> > then we got
> > into the game of browsers trying to correct web design flaws, and now
> > we're in the situation where the standards are ambiguous and there are
> > multiple, incompatible parsers for (for example) rendering web
> > content.
> > 
> 
> 
> On that subject check out this spectacular book:
> http://lcamtuf.coredump.cx/tangled/
> 
> I was literally amazed every few pages.
> -- 
> http://www.subspacefield.org/~travis/
> Split a packed field and I am there; parse a line of text and you will find me.
> 
> _______________________________________________
> langsec-discuss mailing list
> langsec-discuss at mail.langsec.org (mailto:langsec-discuss at mail.langsec.org)
> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20141202/cb070964/attachment.html>


More information about the langsec-discuss mailing list