JSConf JP

Kian Jamali (キアン ジャマリ) (he)

Application security engineer working for Google in the Information Security team. I am mostly interested in web, crypto, and fuzzing. I enjoy CTFs and contributing to various open source projects (OWASP).

Track A
14:40-15:10 (30 min)

Trusted Types: DOM XSS Protection at Scale

  • English

DOM XSS continues to be the most critical threat to web security. Our current best defense against DOM XSS is Trusted Types, a browser-based runtime feature to limit the uses of DOM APIs (and limit the possibility of DOM injection). We will discuss our approach to using Trusted Types at Google to protect billions of our users, the challenges of backporting Trusted Types compatibility to hundreds of webapps, and our approach to making the entire JS ecosystem safer with Trusted Types.