Iframe XSS: postMessage, CSP, Sandboxing, & Clickjacking

Iframe XSS Explained: Trust Boundaries, Messages, and Embedded Content

Iframe XSS isn't one single bug class. It can refer to XSS inside framed content, unsafe srcdoc, user-controlled iframe sources, weak postMessage handling, over-trusted widgets, or parent pages that trust child frames too much. The fix starts with trust boundaries: control iframe sources, sandbox untrusted content, …
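The three controls the teaser names (allowlisted iframe sources, sandboxing, and a postMessage handler that checks who is talking) as a JavaScript example. This is added here for illustration and is not code from the 7ASecurity post or from any project it describes; the allowlisted origin, the `widget:update` message type and the plain-object stand-ins for DOM elements and windows are assumptions so the logic also runs outside a browser.

```javascript
// Added example, not code from the 7ASecurity post. The allowlisted origin,
// the message type and the plain-object stand-ins for DOM nodes/windows are
// assumptions made for this demo.
const ALLOWED_FRAME_ORIGINS = ['https://widgets.example.com'];

// Accept an iframe src only if it is an absolute https URL whose origin is
// allowlisted. Relative and protocol-relative strings are rejected because
// URL() throws without a base; javascript:, data: and http: fail the scheme check.
function isAllowedFrameSource(candidate, allowlist = ALLOWED_FRAME_ORIGINS) {
  let url;
  try {
    url = new URL(String(candidate));
  } catch (e) {
    return false;
  }
  return url.protocol === 'https:' && allowlist.includes(url.origin);
}

// Attributes for embedding content you do not trust. allow-same-origin is
// deliberately left out: combined with allow-scripts it would let a same-origin
// framed page strip its own sandbox. Without it the frame gets an opaque origin.
function sandboxedFrameAttributes(src) {
  if (!isAllowedFrameSource(src)) {
    throw new Error('iframe src outside allowlist: ' + src);
  }
  return { src, sandbox: 'allow-scripts', referrerpolicy: 'no-referrer' };
}

// VULNERABLE: no origin check, no shape check, and the payload lands in an
// HTML sink. Any window holding a reference to this one (an opener, another
// framed widget, a malicious tab) can inject markup via window.postMessage().
// `sink` stands in for a DOM element.
function vulnerableHandler(event, sink) {
  sink.innerHTML = event.data.html;
}

// HARDENED: origin allowlist, optional pin to a known frame window, strict
// message shape, and a text sink so the data is never parsed as HTML.
// Messages from a frame sandboxed without allow-same-origin arrive with origin
// "null" and are rejected here on purpose; do not allowlist "null".
function hardenedHandler(event, sink,
  { allowedOrigins = ALLOWED_FRAME_ORIGINS, expectedSource = null } = {}) {
  if (!allowedOrigins.includes(event.origin)) return false;
  if (expectedSource !== null && event.source !== expectedSource) return false;
  const msg = event.data;
  if (msg === null || typeof msg !== 'object') return false;
  if (msg.type !== 'widget:update' || typeof msg.text !== 'string') return false;
  sink.textContent = msg.text;
  return true;
}

// Constructed messages for the demo: one from an attacker-controlled window,
// one from the allowlisted widget frame.
const widgetWindow = {}; // stands in for iframe.contentWindow
const attackerMessage = {
  origin: 'https://evil.test',
  source: {},
  data: { type: 'widget:update', html: '<img src=x onerror=alert(1)>', text: 'x' },
};
const widgetMessage = {
  origin: 'https://widgets.example.com',
  source: widgetWindow,
  data: { type: 'widget:update', text: '<b>price updated</b>' },
};
```

In a real page the handler is registered with `window.addEventListener('message', e => hardenedHandler(e, el, { expectedSource: frame.contentWindow }))`, and the origin check is the one that matters most: `event.source` alone is not enough, because a frame that can navigate itself keeps the same `contentWindow` while its origin changes. If a page must receive messages from an opaque-origin sandboxed frame, hand that frame a dedicated `MessageChannel` port instead of widening the origin allowlist.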

Code audit for the Tor Project by 7ASecurity

For the past three years, the Tor Project has been working to improve the tools, resources, and protocols used to monitor the health of the Tor network. This work aims to strengthen the Tor network's resilience and resist relay attacks. As part of this effort, in July and August 2025, 7ASecurity conducted a code audit of those …

7ASecurity Completes Disguiser Framework Audit

About Disguiser

Disguiser is a novel framework that enables end-to-end measurement for accurately and comprehensively investigating global internet censorship practices. It's challenging to conduct large-scale internet censorship measurement, as it involves triggering censors through artificial requests and identifying abnormalities from corresponding responses. Due to the lack of "ground truth" on the expected responses from legitimate services, …