Loading…
← Back to schedule
The Devil is in the Defaults - what to do about XSS
Thursday June 25, 2026 3:30pm - 4:15pm CEST
Hall G1 (Level -2)
This session is about latest defenses against Cross-Site Scritping (XSS), the most prevalent security issue of all times. We will showcase typical XSS bugs and how they can be avoided. We will also explain why previous mechanisms fall short of protecting web sites at scale and why we believe Trusted Types and the Sanitizer API can help closing this gap.
The presentation will also give hands-on advice to enable security and development teams adopting these new protections. We will close with a bit on security considerations and remainign risks.
Speakers
avatar for Frederik Braun

Frederik Braun

Security Engineer, Mozilla Firefox
Frederik Braun manages the Firefox Security at Mozilla, supporting the people who break and build security architectures for the browser and the web platform. Apart from being a manager, he also contributes to web standards, with specifications like the Sanitizer API and Subresource... Read More →
Thursday June 25, 2026 3:30pm - 4:15pm CEST
Hall G1 (Level -2)
  Implementation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link