* Posts by billynomates3

1 publicly visible post • joined 7 Sep 2017

Microsoft won't patch Edge browser content security bypass

billynomates3

Technically Pointless

So in order to inject the blank window to take advantage of this CSP bypass :-

Scenario A. The CSP allows inline-scripting already and the app renders user content as html without really sanitising it first. (so no real need for the CSP bypass anyway)

Scenario B. You have found another CSP bypass so that you can inject the code to open a blank window (so you need a CSP bypass to then use a CSP bypass, pointless)

Scenario C. The site is served over HTTP and you have managed to set up a man in the middle, enabling you to inject content into the page directly. Again, you don't really need the blank window CSP bypass because you can just remove the CSP header completely and do what you want.

Anyone got a theoretical example that works in a real situation where a properly defined CSP is in place?