3 matches found
Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk
Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like JavaScript functions, HTML5 elements, and various APIs work across different browsers. Originally...
HackerOne: Redirect while opening links in new tabs
Hello HackerOne, I'd like to report to you a nice little bug about opening links in new tabs. When you open a link in a new tab target="blank", the page that opens in a new tab can access the initial tab and change its location using the window.opener property. POC:...
Having fun with
Did you know that this works in every browser? Look, here's one: An image You might think it's leaking from SVG, but SVG images don't use src, they use xlink:href. Let's all take a moment to laugh at xlink. Done? Ok… In the first age of the web, some people accidentally typed instead of . Browser...