Client Side Template Injection for Dummies

Introduction to the CSTI vulnerability:

  • Basics (for AngularJS)
  • Search methods
  • Sandbox bypass
  • HTML Sanitizer problem
  • CSP is hard

This keynote covers XSS issues caused by improper use of Angular.js.
