Full session (30 minutes)

The web is a crazy place! In this talk I will go over some weird and dark aspects of the JS ecosystem, highlighting common security issues and pitfalls which we, as web developers, can learn to protect against. I will start by going over some wonky NPM packages that made it into the JS ecosystem, including “NoCode”, “IsThirteen” and “JsF**k”. Then, we will revisit a couple of stories that are now part of web history, including #SmooshGate and recent NPM security issues from 2018. Next, I will go over some fun pranks using CSS to mess with people. Lastly, I will present some techniques one could use to make the most annoying website possible, stressing some common security pitfalls which front-end developers can learn to identify and block, such as the infamous “window.opener” property.

Emanuel Deckel