postmessage

Account hijacking using “dirty dancing” in sign-in OAuth-flows

bug bounty Detectify Crowdsource Frans Rosén OAuth postmessage XSS
Frans Rosén postmessage Slack

Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token

AddThis Mathias Karlsson postmessage

postMessage XSS on a million sites

Mathias Karlsson postmessage

The pitfalls of postMessage