
First-pass triage checklist for JS/browser targets — reparse sinks, prototype pollution, CSP bypass chains, and the key browser primitives.

When the Stack is JS / Browser

A quick triage list for what to think about first when the target is JavaScript / browser-heavy.

Checklist

  • Think about whether the sink is server-side serialization plus browser reparse, not just raw innerHTML.
  • Think about path-copy gadgets, prototype pollution, DOM clobbering, and replacing existing helpers rather than injecting entirely new code.
  • Think about CSP bypass as a chain: write primitive, nonce discovery, reparse sink, or alternate script types.
  • Think about postMessage, e.source vs e.origin, execCommand, import(data:), SIGUSR1, and bypassSecurityTrustHtml.
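For the path-copy and prototype pollution item, the following is an added example, not code from the original page: an unsafe dotted-path setter beside a hardened one, with a self-check that reports whether a write reached Object.prototype. The function names and the marker property are hypothetical.

```javascript
// Added example, not from the original page; all names here are hypothetical.

// Unsafe path-copy helper: follows caller-supplied segments with no key filtering.
function setPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

const BLOCKED_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Define an own data property without invoking setters or inherited accessors.
function defineOwn(obj, key, value) {
  Object.defineProperty(obj, key, { value, writable: true, enumerable: true, configurable: true });
}

// Hardened helper: rejects prototype-reaching keys and descends only into own properties.
function setPathSafe(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => k === '' || BLOCKED_KEYS.has(k))) {
    throw new TypeError(`refusing unsafe path: ${path}`);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) {
      defineOwn(node, key, Object.create(null)); // null-prototype container
    }
    node = node[key];
  }
  defineOwn(node, keys[keys.length - 1], value);
  return target;
}

// Returns true if a write through `setter` became visible on unrelated objects.
function pollutes(setter) {
  const marker = 'pollutedDemoFlag'; // constructed marker name
  try { setter({}, `__proto__.${marker}`, true); } catch (_) { /* rejected */ }
  const leaked = ({})[marker] === true;
  delete Object.prototype[marker]; // undo the demo write
  return leaked;
}

console.log({ unsafe: pollutes(setPathUnsafe), safe: pollutes(setPathSafe) });
```

The same `pollutes` check can be pointed at an existing merge or path helper during code review to confirm whether it filters prototype-reaching keys.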

Sources

  • Aggregated from the JavaScript / Browser section of the 2026 web corpus.