The Hidden Cost Of Sanitization How Secure Parsing Can Introduce New Xss Attack Surfaces

Modern sanitization pipelines are no longer just filtering content, they are transforming it. And that transformation introduces risk. Multi-layered sanitization stacks, each operating on different parsing grammars and policy configurations, can produce structural mutations that convert inert markup into executable payloads, without any bypass of the sanitizer itself. In this session, Ashish Kataria, security architect engineer at Synacor, will share insights on: How namespace confusion, token merging and serialization side effects create exploitable gaps in sanitization pipelines; Why multi-stage sanitizers and regex-based rewrites can inadvertently generate XSS attack surfaces; How to audit sanitizer-induced vulnerabilities using DOM comparison, structural mutation testing and browser-consistent parsing models.

Join Today
Unauthenticated Pre Pairing Gatt Write Vulnerability In Smartwatch Ecosystems
▶︎

Unauthenticated Pre Pairing Gatt Write Vulnerability In Smartwatch Ecosystems

The Soap Effect Breaking Security Assumptions In Real World Systems
▶︎

The Soap Effect Breaking Security Assumptions In Real World Systems

CyberSec India Expo: Bridging Technology Providers and Users | Prof. Ajay Singh
▶︎

CyberSec India Expo: Bridging Technology Providers and Users | Prof. Ajay Singh

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
▶︎

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

Why So Quic! Racing And Fuzzing Http3 With Quicdraw Ui
▶︎

Why So Quic! Racing And Fuzzing Http3 With Quicdraw Ui

LLC 2026 - ngZRAM in Rust: steady as it goes, by Vitaly Wool
▶︎

LLC 2026 - ngZRAM in Rust: steady as it goes, by Vitaly Wool

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker
▶︎

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

What do tech pioneers think about the AI revolution? - The Engineers, BBC World Service
▶︎

What do tech pioneers think about the AI revolution? - The Engineers, BBC World Service

Anatomy Of A Supply Chain Worm Building Detection Systems That Work On Zero Days
▶︎

Anatomy Of A Supply Chain Worm Building Detection Systems That Work On Zero Days

This Was Once Illegal. Now it Makes Your Messages Unreadable.
▶︎

This Was Once Illegal. Now it Makes Your Messages Unreadable.

Is the AI Boom About to COLLAPSE?
▶︎

Is the AI Boom About to COLLAPSE?

Conan O’Brien Delivers the Commencement Address | Harvard Commencement 2026
▶︎

Conan O’Brien Delivers the Commencement Address | Harvard Commencement 2026

The Machine With Many Faces Identity Impersonation In Spiffe Spire
▶︎

The Machine With Many Faces Identity Impersonation In Spiffe Spire

Tuscan Cottage Wildflowers Oil Painting | 4K Vintage Wallpaper Art Screensaver | Vintage Frames
▶︎

Tuscan Cottage Wildflowers Oil Painting | 4K Vintage Wallpaper Art Screensaver | Vintage Frames

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Regulation, Resilience and Reality: How CXOs Navigate the Compliance Security Trade-Off
▶︎

Regulation, Resilience and Reality: How CXOs Navigate the Compliance Security Trade-Off

I Hacked This Temu Router. What I Found Should Be Illegal.
▶︎

I Hacked This Temu Router. What I Found Should Be Illegal.

I Gave ChatGPT a Body
▶︎

I Gave ChatGPT a Body