Freddy
freddyb.bsky.social
I work on manager/security things for a non-profit software company. I love my family, my bike and reading books.

You can also find me on Mastodon as @[email protected], which I consider my primary account.

Homepage: https://frederikbraun.de/
We had a first good outcome already (via Twitter). While `data` URLs are not what I would consider an XSS in the page, I still see it as a confusion that we should address head on. We have an issue filed in github.com/WICG/sanitiz... :)
Handling of `<a href="data:...">` · Issue #352 · WICG/sanitizer-api
We allow anchors in the default configuration and only restrict javascript: URLs. data: URLs (especially inside an iframe) might look like XSS: https://x.com/KwanAleister/status/1985542748930523233...
November 4, 2025 at 3:53 PM
(Terms and conditions apply. Bounty payouts are at the discretion of the bug bounty committee etc. etc. But yes. Bugs in the sanitizer are eligible.)
November 3, 2025 at 7:53 PM
YES! :)
November 3, 2025 at 7:49 PM
A huge improvement in quality of life. Thank you very much for your efforts! To whom do I write a polite letter asking whether the loading zones could perhaps get a lowered curb for easier unloading? InfraVelo or the district office (Bezirksamt)? Or is writing here enough? ;-)
September 26, 2025 at 9:35 AM
Reposted by Freddy
Wait, container tabs support individual proxy settings?
July 25, 2025 at 11:27 PM
Reposted by Freddy
cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
May 31, 2025 at 5:26 PM
Closed the 6th floor. 3&4 are still going. Berlin and Toronto are the last offices.
May 31, 2025 at 5:32 AM
it's still the mozilla office 👋
May 28, 2025 at 6:59 AM
Really impressive how nice the bike lanes are. But why are these bicycle symbols so raised? Couldn't they have made them flat as well? Asking as an absolute layman :)
May 26, 2025 at 7:53 AM
Just watched the talk video. Well explained! So sad that there are so many findings. Would you say most DOM-based XSS is mostly `innerHTML =`, or what do people usually do?
May 25, 2025 at 5:38 PM
thank you!
May 25, 2025 at 2:25 PM
Do you intend to write it up as a blog post? Unfortunately, it's not self-explanatory with slides? I am curious :) PS: Reminds me of frederikbraun.de/xss-digital-....
XSS in The Digital #ClimateStrike Widget
May 24, 2025 at 5:25 PM
This is a complaint about the default. Defaults matter. You should know that.
May 22, 2025 at 4:40 AM
Pfff, you're four days late. We fixed this already on Saturday 😘
May 21, 2025 at 6:42 PM