Tagged Questions

The tag has no wiki summary.

0 votes | 1 answer | 23 views

Set Cookie in XHR response: How do different browsers handle this?

If I send an XHR request to example.com and the response has Set-Cookie: dummyCookie=dummy, how do different browsers handle this? Does any version of any browser set the cookie for ...

1 vote | 2 answers | 74 views

AVG Website Scan, Chance of 'Potential Threat'?

In a recent question I asked about investigating websites for viruses. The answers were very helpful, I ended up using the AVG website scanner. First I used it on our website and found it was clean, ...

0 votes | 2 answers | 105 views

Best Approach for removing XSS Vulnerability

I have been developing a WebObjects application, and I found that my application is vulnerable to XSS through URL, but not when malicious input like <script>alert("hi")</script> is input ...

0 votes | 4 answers | 80 views

Is WebGL a security concern?

Is WebGL a potential security problem due to the low level access it provides? For example, a web page can attempt to compile and run any shader source it wants. It seems that security would ...

1 vote | 4 answers | 147 views

Without using SSL, what's the most secure way to make an AJAX request to a PHP page?

It was suggested over at stackoverflow that I try my question here. This is it verbatim: So, it's impossible to do AJAX requests securely without using SSL. I get it. You can either view-source the ...

0 votes | 0 answers | 84 views

A proposal for Data Transmission and Password Encryption [closed]

I need to implement a sensitive data protection scheme which can meet the requirements on secure data transmission, protection and storage, assuming mutually trusted third party is not available, that ...

0 votes | 0 answers | 21 views

How to retrieve meta tags from a website using javascript [closed]

I am not getting the tags in head while using javascript

2 votes | 2 answers | 233 views

Removing Google Analytics cookie string from URL - security hole?

On our site, we use google analytics and we have to put the GA cookie in the URL since we have a two letter domain and IE imposes some cookie limitations on those. This means that when going between ...

1 vote | 3 answers | 216 views

What's the absolute worst damage javascript could do to a client?

Assuming I have a defenseless client computer running Windows 7 that will happily allow any javascript code it comes across on the internet, what's the worst damage that could be inflicted? I'm ...

2 votes | 2 answers | 219 views

HTML Vulnerabilities

My question is three-fold. Background I was asked to do some vulnerability scans on a website with some holes (I think). On a particular page, I was able to escape the text field and write on the ...

4 votes | 2 answers | 272 views

Javascript and jQuery not secure over https

I am building an ASP.NET MVC 3 app which will run in Azure. Everything was working well, until I switched to https. Now most of my jQuery plugins and some other javascript are not secure. I'm using ...

4 votes | 1 answer | 351 views

Is this jQuery ajax call vulnerable to XSS?

If somebody can edit $("#field").val(), can they change the url property here to point to another location? $.ajax({ url: "http://mywebsite/script?param=" + $("#field").val(), dataType: "jsonp", ...

1 vote | 2 answers | 170 views

Can one get infected through visiting a site with a PHP script on it and if yes, how?

I can imagine a clientside JavaScript that gets executed in a vulnerable browser to do some harm, but how can this be done with PHP? Since it's serverside it shouldn't have access to the visitor's ...

5 votes | 3 answers | 374 views

How secure are self decrypting HTML files for data storage?

I recently came across a JavaScript self decrypting archive. Is it secure enough to be used as a portable password storage tool? The author has even challenged it to be cracked.

6 votes | 3 answers | 263 views

How bad is a Self Contained XSS attack?

Some of you might be familiar with this attack called Self Contained XSS. I recently stumbled upon this article about it. So how bad can this kind of attack be, even though this doesn't have access to ...
