https://nullcathedral.com/tags/css/Where nothing is sacred.en-usNULL CATHEDRALWed, 18 Mar 2026 00:00:00 +0000Fri, 10 Apr 2026 18:00:00 +0000https://www.rssboard.org/rss-specification60https://nullcathedral.com/favicon.svghttps://nullcathedral.com/https://nullcathedral.com/posts/2026-03-18-roundcube-round-two-three-more-sanitizer-bypasses/Three more bypasses in Roundcube's HTML sanitizer: SMIL animation attributes load remote resources, unquoted body backgrounds enable CSS injection, and position:fixed !important enables phishing overlays.vulnerabilityroundcubesvgcssemail-securityhttps://nullcathedral.com/posts/2026-03-18-roundcube-round-two-three-more-sanitizer-bypasses/Wed, 18 Mar 2026 00:00:00 +0000