Modern sanitization pipelines are no longer just filtering content, they are transforming it. And that transformation introduces risk. Multi-layered sanitization stacks, each operating on different parsing grammars and policy configurations, can produce structural mutations that convert inert markup into executable payloads, without any bypass of the sanitizer itself.

In this session, Ashish Kataria, security architect engineer at Synacor, will share insights on:

• How namespace confusion, token merging and serialization side effects create exploitable gaps in sanitization pipelines;
• Why multi-stage sanitizers and regex-based rewrites can inadvertently generate XSS attack surfaces;
• How to audit sanitizer-induced vulnerabilities using DOM comparison, structural mutation testing and browser-consistent parsing models.