Скачать или смотреть Generic HTML Sanitizer Bypass Investigation

I stumbled over a weird HTML behavior on Twitter and started to investigate it. Did I just stumble over a generic HTML Sanitizer bypass?

Get my handwritten font https://shop.liveoverflow.com (advertisement)
Checkout our courses on https://hextree.io (advertisement)

The Tweet:   / 1662701541680136195  
Google XSS:    • XSS on Google Search - Sanitizing HTML in ...  
HTML Spec: https://html.spec.whatwg.org/multipag...

Chapters:
00:00 - Intro
01:09 - Sanitizing vs. Encoding
02:32 - Developing HTML Sanitizer Bypass
05:03 - Attacking DOMPurify
07:08 - Attacking Server-side Sanitizer
08:31 - HTML Parse Error Specification
10:08 - Potential Impact
11:55 - hextree.io

=[ ❤️ Support ]=

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

2nd Channel:    / liveunderflow  

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow  
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok:   / liveoverflow_  
→ Instagram:   / liveoverflow  
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow