Slide 1

XSS

Slide 2

B1
Twitter: @tmyk_kym
https://blog.koyama.me/
Network/Web/Server/Security
PyCon JP, Seccamp, etc.

Slide 3

XSS (Cross Site Scripting)
HTML
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (3.0)

Slide 4

... XSS Sample

$_GET['mode'] hello XSS Sample

hello

Slide 5

... XSS Sample

$_GET['mode'] alert() XSS Sample

alert()

Slide 6

XSS
- Stored XSS
- Reflected XSS
- DOM Based XSS

Slide 7

XSS == XSS

Slide 8

alert(1)
">alert(1)
" onmouseover="alert(1)
x" onerror="alert(1)  <- img src
javascript:alert(1)  <- a href

Slide 9

XSS

Slide 12

OWASP
OWASP XSS (2015)
XSS Filter Evasion Cheat Sheet - OWASP
https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

Slide 14

[1] ...

Slide 15

[2] <alert("XSS");//<
HTML ... XSS ...
"> alert("XSS");//<

Slide 16

[3] ... HTML (16 ...) ...

Slide 20

Electron
Marp
Electron Web ...
alert() alert ...

Slide 22

JVN#21174546: Marp JavaScript
https://jvn.jp/jp/JVN21174546/
"However, sanitizing inline script should consider on future."
[Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp

Slide 23

XSS
XSS alert()
Electron