The common name for the language used primarily for scripting in web browsers. It is not related to the Java language. Standardized as ECMAScript, its dialects/implementations include JavaScript and JScript.
-1
votes
4answers
75 views
How secure is this login page? [closed]
Unfortunately I cant link to the page (it internal). But I can describe it!
This is a lightspeed systems policy enforcement login page (content filter).
The page is http and there is no iframe with ...
2
votes
3answers
170 views
Javascript Malware: How does it work, and how can it be mitigated?
I am wondering how malware gets served through Javascript. I've noticed a few illegitimate pop-ups while visiting some financial websites. I wonder how malware exploits work against the application ...
1
vote
1answer
105 views
How to prevent the following clickjacking attack?
The Security attribute was implemented to prevent XSS attacks in iFrames by disabling any JS implemented in the iFrame source, therefore indeed eliminating XSS attacks, but also disabling any security ...
4
votes
3answers
159 views
Generate cryptographically strong pseudorandom numbers in Javascript?
Is there any good way to generate cryptographically strong pseudorandom (or true random) numbers in Javascript?
The crucial requirement: if a.com's Javascript generates some random numbers, no one ...
3
votes
2answers
138 views
Implementing brute force attacks on hash values in Javascript
I'm working for my bachelor thesis at the end of which I aim to implement a proof-of-concept Javascript-based hash cracker. The idea is to work like this: Users can submit a hash value along with ...
2
votes
2answers
199 views
Securing a JavaScript Single Page App with RESTful backend
I'm currently in the process of building a JavaScript SPA and have been researching how to secure it. There is currently as RESTful API that is being completely interacted with through AJAX. We also ...
8
votes
5answers
167 views
Is it a risk to highlight text while reading a webpage?
Whenever a user selects or highlights text on a webpage, an OnClick() event is generated. Some of the web browser security models depends on explicit end user interaction, such as OnClick(), before a ...
1
vote
1answer
128 views
scanning my site for JavaScript/XSS vulnerabilities
It have had a report that my site may have a security issue and there is some JavaScript loading 10 times per second.
www.ayrshireminis.com
Is there anyway that I can "scan" my site to check if ...
1
vote
0answers
60 views
What are potential use cases of script that identifies browser? [closed]
Let's say I've found a way to produce a unique string for each and every browser using pure Javascript (which makes it an alternative to UA strings).
Now what I'd like to know is what are potential ...
1
vote
5answers
258 views
Is it secure to use jQuery on the server-side for user input validation?
I'm thinking about using jQuery on the server-side (node.js) to validate user input (filter tags, remove every attributes except href, rel, target & style, modify css rules which are applied ...
3
votes
2answers
370 views
Why do I get AV alerts when browsing a web page?
I'm using the latest version of Firefox and Windows is up to date. When I was browsing a webpage and clicked a link the browser displayed "connection has been reset" and AVAST poped-up saying "Alert!" ...
3
votes
1answer
56 views
Client-side cross-site access in SSL environment - when it's still possible to do?
I'm trying to imagine an secure sandboxed environment for an application which is big and unexplored, and may contain backdoors. It would live under chroot/virtual environment with no outgoing ...
1
vote
2answers
94 views
Why ban XSS instead of flagging it?
Consider a browser that allows an XMLHttpRequest downloaded from foo.net to make requests to bar.net, but attaches a XHR-Origin: http://foo.net (or possibly a more descriptive value like ...
1
vote
1answer
50 views
How to verify that a clientside-generated object is genuine?
I know that general best-practice states not to trust anything generated by the client.
With that in mind, I want to write an HTML5 app that utilises the browser to generate various objects ...
1
vote
2answers
604 views
Encrypting string in javascript and decryption in java
I would like to know if someone know any library to do encryption in javascript and decryption in java. I have already tried many API, But getting not not getting same values in java.
I want ...
