Jasvir Nagra
@jasvir.bsky.social
Advisor & builder. Formerly security @dropbox, product @instart & @google, authored Surreptitious Software, TL for Caja. I love good food, fine wine & great JS.
I think I saw the sequel based on Banach–Tarski but it was just a remake - practically a the same as the original.
September 25, 2025 at 10:21 PM
I think I saw the sequel based on Banach–Tarski but it was just a remake - practically a the same as the original.
Would be funny if I made a duplicate joke reply here with zero additional um material.
September 25, 2025 at 10:21 PM
Would be funny if I made a duplicate joke reply here with zero additional um material.
You saying @garethheyes.co.uk and I should take down our GIF/JS polyglot writeups from way back when? ;-)
portswigger.net/research/byp...
(It's ok - mine is already offline but out of laziness rather than concern! :-) )
portswigger.net/research/byp...
(It's ok - mine is already offline but out of laziness rather than concern! :-) )
Bypassing CSP using polyglot JPEGs
James challenged me to see if it was possible to create a polyglot JavaScript/JPEG. Doing so would allow me to bypass CSP on almost any website that hosts user-uploaded images on the same domain. I gl
portswigger.net
September 22, 2025 at 9:52 PM
You saying @garethheyes.co.uk and I should take down our GIF/JS polyglot writeups from way back when? ;-)
portswigger.net/research/byp...
(It's ok - mine is already offline but out of laziness rather than concern! :-) )
portswigger.net/research/byp...
(It's ok - mine is already offline but out of laziness rather than concern! :-) )
...so you're um post gum?
September 22, 2025 at 9:16 PM
...so you're um post gum?
Forth was ahead of it's time with it's use of programmable syntactic whitespace.
September 11, 2025 at 4:59 AM
Forth was ahead of it's time with it's use of programmable syntactic whitespace.
Eh they didn't really.
September 9, 2025 at 9:21 PM
Eh they didn't really.