Outreachy: Difference between revisions

* Familiarize yourself with the problem by reading literature on XSS-Filters: Introduction of the Chrome/Webkit filter called XSS Auditor in "Regular expressions considered harmful in client-side XSS filters" Security vulnerabilities introduced though XSS filters in IE8: https://blog.c22.cc/2010/04/15/blackhat-europe-universal-xss-via-ie8s-xss-filters-2/ Bypassing XSS filters: (http://www.thespanner.co.uk/2015/02/10/xss-auditor-bypass/, http://brutelogic.com.br/blog/chrome-xss-bypass/)

* Familiarize yourself with the state of the art of implementing an XSS filter: Browse the source code of NoScript, XSSAuditor in WebKit, or also the source of Internet Explorer (which can be inspected by looking into mshtml.dll) Compare approaches of these filters to answer questions like: where do their approaches overlap, which differences exist in their threat models, etc.

* Prepare yourself for implementing a filter within Firefox: Outline the advantages and disadvantages of existing approaches Sketch out details for the actual implementation