Tagged Questions
6 votes, 3 answers, 162 views
Is there a way to bypass Django's XSS escaping with “unicode”?
Django (the Python web framework) escapes output to prevent XSS (Cross Site Scripting) attacks. It replaces ', ", <, >, & with their HTML safe versions.
However this presentation on slide ...
7 votes, 1 answer, 314 views
What possible use does an iFrame have for security?
I'm looking at code for an old login form I'm redesigning. It's a simple table with two input fields for username and password.
But just before the end </table> tag there's a blank iFrame which ...
2 votes, 3 answers, 173 views
Stop code injections into page code
I started a topic HERE on the stackoverflow site, but was referred here.
I did get some info there, but think it needs more in-depth input.
So hopefully people here can help.
I have a few domains ...
0 votes, 1 answer, 182 views
“pagesinxt.com” links in the source code, am I being hacked?
At this moment I am being hacked and I do not know how to stop it. Let me explain...
My website is hosted in a VPS where I am the only person who has access to it. The page is built with ...
10 votes, 1 answer, 343 views
How can I embed iframe securely without restricting its functionality?
I'd want to embed an iframe from an untrusted site into a web application. Iframe:
should be able to run Javascript and browser plugins (Flash, etc.)
should not be able to access my web application ...
4 votes, 4 answers, 222 views
Is it possible to make an XSS with only HTML tags
I'm not aware of all the XSS tricks..
While programming in Ruby on Rails, using a sanitize method to allow only certain tags and it does its best to clear all the other tags and scripts
the ...
7 votes, 4 answers, 149 views
Limited JavaScript app scenario: Attack vectors and mitigation
I'm going to be developing a single page JavaScript app which allows input via a textarea. This input is never sent to the server, never shown to another user, and will only be persisted in browser ...
1 vote, 5 answers, 648 views
Is it secure to use jQuery on the server-side for user input validation?
I'm thinking about using jQuery on the server-side (node.js) to validate user input (filter tags, remove every attribute except href, rel, target & style, modify CSS rules which are applied ...