Home / HTML Bypasses

HTML Bypasses

The Attack of the Alerts and the Zombie Script

In our previous post we found a way to UXSS (bypass the SOP policy) using the htmlFile/ActiveXObject, however, I mentioned that there were other interesting things to do using that same object. Have you tried anything? If yes, congratulations. The only way to find bugs is by trying, and today we …

Read More »

Abusing of Protocols to Load Local Files, bypass the HTML5 Sandbox, Open Popups and more

On October 25th, the fellows @MSEdgeDev twitted a link that called my attention because when I clicked on it (being on Chrome) the Windows Store App opened. It might not surprise you, but it surprised me! As far as I remembered, Chrome had this healthy habit of asking the user before opening external …

Read More »