Since the conference was held virtually last year, all authors of full papers were invited to bring a poster of their published work to this year's in-person conference.
Input sanitization is the main technique to defend against injection attacks such as Client-Side Cross-Site Scripting. With more and more functionality being offered in the form of web applications, the importance of correct sanitizing functions increases as well.
When websites have use-cases like displaying previews or screenshots of other websites, maintainers tend to shift from simple tools like curl to fully-fledged automated browsers, like Puppeteer, to match the ever-growing complexity of the modern Web. However, visiting arbitrary, user-controlled URLs with these browsers diligently requires them to be kept up-to-date. In our work, we investigated the phenomenon of server-side browsers at scale. We found that many websites run severely outdated browsers on the server-side, most of them not updated for more than six months, vulnerable to publicly available proof-of-concept exploits.