Loading…
← Back to schedule
The Devil is in the Defaults - what to do about XSS
Thursday June 25, 2026 3:30pm - 4:15pm CEST
Hall G1 (Level -2)
This session is about latest defenses against Cross-Site Scritping (XSS), the most prevalent security issue of all times. We will showcase typical XSS bugs and how they can be avoided. We will also explain why previous mechanisms fall short of protecting web sites at scale and why we believe Trusted Types and the Sanitizer API can help closing this gap.
The presentation will also give hands-on advice to enable security and development teams adopting these new protections. We will close with a bit on security considerations and remainign risks.
Speakers
avatar for Frederik Braun

Frederik Braun

Security Engineer, Mozilla Firefox Berlin

Frederik Braun builds security for the web and for Mozilla Firefox from Berlin. As a contributor to standards, Frederik is also improving the web platform by bringing security into the defaults with specifications like the Sanitizer API and Subresource Integrity. Before Mozilla, Frederik... Read More →
Thursday June 25, 2026 3:30pm - 4:15pm CEST
Hall G1 (Level -2)
  Implementation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link