| 01:17 | <Domenic> | I suspect it's triggering on any page that uses <select>, customizable or no. |
| 09:11 | <Luke Warlow> | * Ahh I think I know the cause of some of that. It'll be customisable select changes which add popover to the select UA shadow Dom unconditionally. At least looking at some of the URLs that's the popover usage that's showing up in a quick devtools search. |
| 12:57 | <freddy> | Interesting perspective on credentialless allowing an attacker to turn a self-xss bug into an xss bug https://blog.slonser.info/posts/make-self-xss-great-again/ |