The common name for the language used primarily for scripting in web browsers. It is not related to the Java language. Standardized as ECMAScript, its dialects/implementations include JavaScript and JScript.
0
votes
0answers
15 views
any possibility to manually block access to some javascript objects in browser on client side?
i was looking hard, but cannot find anything. Is there any possibility (add-on, plugin, software or something else especially with Linux and Firefox) to manually block access/clear object/add some ...
2
votes
1answer
26 views
Unusual ownership-ID using localStorage; any possible issues?
I'm working on a small side project in PHP. I may yet include some sort of actual username/password registration down the line, but for now, for ease of attracting attention, my goal is to allow for ...
3
votes
0answers
103 views
Are there any SHA-256 javascript implementations that are generally considered trustworthy? [migrated]
I am writing a login for a forum, and need to hash the password client side in javascript before sending it on to the server. I'm having trouble figuring out which SHA-256 implementation I can ...
0
votes
1answer
164 views
If my website does not take any user input, is there any danger in showing my code and folder structure?
First time posting here; apologies for any mistakes I've made, please edit, retag, migrate as appropriate.
I have a simple homepage whose purpose is (essentially) to contain my contact info and some ...
0
votes
1answer
93 views
Secure browser storage
Where is a secure place to store a "secret" in a web browser that a User has access to and JavaScript does not?
Thinking was along the lines of web history, bookmarks, built in password manager & ...
2
votes
3answers
155 views
Why is JavaScript disabled in the Tor Browser Bundle?
Didn't Tor create a local socks proxy? Why doesn't all the Web traffic go over this local socks proxy and why is JavaScript disabled in the Tor Browser bundle?
If you would connect with firefox for ...
0
votes
1answer
63 views
Create RSA public, private key pair having numbers generated already
I want to know to to generate working RSA key pair, with correct syntax.
Let's say i have already generated somehow my numbers for 512bit key, which are:
e = 00065537
d = ...
2
votes
3answers
464 views
Javascript containing a long hexadecimal string and eval: is this suspicious?
At the bottom of the index.php file for a simple “contact us” form, I found the following (some whitespace and newlines added):
try {if(window.document)--document.getElementById('12')}
catch(qq) ...
37
votes
3answers
3k views
I found obfuscated code in a comment on my blog. What should I do?
Today I was checking comments on my blog and I found a strange comment, here is the exact text
<script>var ...
1
vote
3answers
79 views
Implementing 'Remember Me' for a mobile application
I am developing a mobile application wherein I need to implement the 'Remember Me' functionality. There are certain pages within the application which require you to login. What I need to do is, if ...
0
votes
0answers
36 views
Google safebrowsing post requests [migrated]
My browser often sends some weird post requests like this:
POST http://safebrowsing.clients.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=22.0&pver=2.2&wrkey=XXXXXX ...
0
votes
2answers
102 views
Hide XSS payload
Scenario : There is a persistent XSS on a page with the username information. The username is present three times in the page, is visible only once and the visible one is correctly escaped.
How ...
6
votes
3answers
163 views
How could the string \";alert('XSS');// be used for XSS?
I was using Burp Suite for some testing and I noticed that they included the following string:
\";alert('XSS');//
as an attack string for an XSS payload.
How could this string be used to execute ...
0
votes
1answer
74 views
Exploiting flash XSS holes
I have a URL to a flash file. Sample :-
http://abc.mydomain.com/Findme.swf
Now, there is a parameter called xmlpath as :-
http://abc.mydomain.com/Findme.swf?xmlPath=something.
Is it not that ...
1
vote
1answer
52 views
In which ways could a javascript making a cross domain HEAD request be a threat?
I was just reading this answer to the question Why is the same origin policy so important?
Basically, when you try to make an XMLHttpRequest to a different
domain, the browser will do one of two ...
