Links
This article explains the design and functionality of the new Sanitizer API being integrated into browsers for HTML sanitization. It highlights how the API aims to prevent XSS vulnerabilities by eliminating the need for ambiguous parsing and ensuring context sensitivity during input processing.
GMSGadget is a collection of JavaScript tools designed to bypass XSS mitigations like Content Security Policy and HTML sanitizers. The tools listed are not exploits but rather patched vulnerabilities or JavaScript behaviors that can circumvent HTML restrictions. Contributions for new gadgets and documentation improvements are encouraged.
XSSRecon automates the detection of reflected XSS vulnerabilities by testing URL parameters. It checks both raw HTTP responses and rendered DOM content, allowing security researchers to identify how special characters are handled in web applications. The tool supports concurrent processing and customizable output formats.
This article details multiple security vulnerabilities discovered in Mintlify's documentation platform, including remote code execution and cross-site scripting flaws. The author and collaborators successfully exploited these issues, leading to significant risks for Mintlify's clients, including major companies like Discord and Vercel. They also describe the swift response from Mintlify in patching these vulnerabilities.
This article examines a security flaw in the Facebook JavaScript SDK that can lead to account takeovers. It highlights the use of an insecure random number generator and a cross-site scripting vulnerability in the Customer Chat plugin, enabling attackers to exploit message validation mechanisms.