Home | Samuel Mortenson

You can call me Sam. I live in Portland, Oregon and spend a lot of time on the internet. I like web development, security research, and games. I did Drupal for a long time, but am trying my hand at security engineering now.

Blog

The latest from my mind to yours

Creating a CMS that runs in your browser

Why do content management systems have backends? If end users only see your cached HTML, is it worth the technical complexity just so you can edit in production?

Taking my work private

After a few weeks of mulling, I've decided to start doing more of my work in private, and drop most of my obligations with open source projects I maintain or contribute to.

Drupal security testing for everyone

I've just published a new project for performing static application security testing (SAST) on Drupal sites, mortenson/psalm-plugin-drupal.

Promoting jQuery JSON to JSONP to trigger XSS

I’ve done quite a bit of security research for Drupal, and one area of exploitation that I often come back to is the AJAX API. Drupal’s AJAX API is built on top of jQuery, and lets developers easily add interactive behavior to the frontend.

Work

Featured

Tome

A static site generator for Drupal

As I started to use static site generators like Jekyll and Gatsby, I started to wonder why Drupal couldn't also be used as a static site generator. After a ton of work, more than any on any Drupal module I've made, I created Tome, a static site generator for Drupal 8 that stored content, config, files, and HTML statically.

All work

Gallery

A small CRT TV and a variety of retro consoles.

Samuel
Mortenson