Post

Android App Links autoVerify=false Allowed Hijacking Authentication Flows

Post

POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows