xss Questions
2
Solved
I'd like to allow scripts only from my local server with certain exceptions like jQuery etc., but be flexible to load external images.
I'm aware that there is a directive like
Content-Security-Pol...
Giamo asked 3/3, 2016 at 15:17
3
Solved
Imagine a scenario where I want to continuously invoke user-supplied Javascript code, like in the following example, where getUserResult is a function that some user (not myself) has written:
for ...
Battlement asked 19/3, 2014 at 12:35
3
Solved
7
Solved
I have tried to put this:
<meta http-equiv="X-XSS-Protection" content="0">
in the <head> tag but have had no luck. I am trying to get rid of pesky IE preventing cross-site scirpting...
Weiner asked 8/1, 2011 at 18:20
7
Solved
I've found an article claiming that $_SERVER['PHP_SELF'] is vulnerable to XSS.
I'm not sure if I have understood it correctly, but I'm almost sure that it's wrong.
How can this be vulnerable to X...
8
Solved
I'm writing the JS for a chat application I'm working on in my free time, and I need to have HTML identifiers that change according to user submitted data. This is usually something conceptually sh...
Lindsey asked 8/5, 2010 at 12:59
11
Solved
After reading Jeff's blog post on Protecting Your Cookies: HttpOnly. I'd like to implement HttpOnly cookies in my web application.
How do you tell tomcat to use http only cookies for sessions?
9
Solved
<?php
$x = array("<b>","<i>","b","i","<h1>hello</h1>");
print_r ($x);
echo "<hr>";
var_dump ($x);
out...
Ftc asked 7/4, 2012 at 16:14
3
Does the threat of XSS exists when loading an untrusted SVG file using the img tag?
As in: <img src="untrusted.svg"/>
I've read that most browsers disable scripts in svg files loaded via th...
Thurmond asked 27/10, 2011 at 14:0
2
I want to secure my spring boot app with XSS protection. I have Spring Boot application implemented with Spring Security.
Additionally I have second application (frontend) working on different port...
Thadeus asked 3/8, 2021 at 10:6
5
Solved
In Java, we've got some code that takes a complex java object and serializes it to json. It then writes that json directly to the markup of a page, in a script tag, assigning it to a variable.
// ...
2
i use from Spring 4.2.6.RELEASE and backend is rest services.
and now I can not have a filter for Prevent XSS
my filter is:
@Component
@Order(1)
public class XSSFilter implements Filter {
@Over...
Fusibility asked 15/8, 2018 at 5:24
15
Solved
I read the tutorial DIY widgets - How to embed your site on another site for XSS Widgets by Dr. Nic.
I'm looking for a way to pass parameters to the script tag. For example, to make the following w...
Photogram asked 13/3, 2011 at 21:5
6
Solved
We have enabled AWS WAF solution before my ALB and have SQL injection and XSS detection enabled. We have tried to setup a custom rule to check if the content-type is multipart\/form\-data* using re...
Maybellmaybelle asked 16/11, 2020 at 5:35
10
Solved
Any idea how one would go about preventing XSS attacks on a node.js app? Any libs out there that handle removing javascript in hrefs, onclick attributes,etc. from POSTed data?
I don't want to have...
Mostly asked 14/9, 2010 at 0:26
5
Solved
I am learning about XSS (for ethical purposes), and I was wondering how to execute some JavaScript code without using <script> tags. This is within the HTML tag:
"The search term" <p> ...
Adsorbate asked 25/5, 2016 at 10:58
2
I want to enable Spring Security XSS protection in my application.
1) Read docs and blogs, and https://spring.io/blog/2013/08/23/spring-security-3-2-0-rc1-highlights-security-headers/ indicates XS...
Tramway asked 3/6, 2016 at 4:56
6
Solved
Is there a known XSS or other attack that makes it past a
$content = "some HTML code";
$content = strip_tags($content);
echo $content;
?
The manual has a warning:
This function does no...
Robyn asked 26/4, 2011 at 9:40
5
Is it possible to configure the Content-Security-Policy to not block anything at all? I'm running a computer security class, and our web hacking project is running into issues on newer versions of ...
Freedafreedman asked 14/3, 2016 at 3:1
3
So I've been building a C# html sanitizer using html agility with a white list. It works fine, except for cases like these:
<img src="javascript:alert('BadStuff');" />
<img src="jav&#...
Recur asked 7/3, 2013 at 20:54
5
Solved
From within the succcess method of my AJAX response, my goal is to do the following in an XSS safe manner:
remove all existing options within a select box.
replace the options from that same selec...
Em asked 14/2, 2023 at 18:14
7
I have a dynamically generated SVG string in a React component. I want to embed this as an image in the component. Currently, I'm using something along the lines of:
class SomeComponent extends Re...
Turbofan asked 4/7, 2017 at 8:17
4
Solved
I am trying to figure out how to protect,
Angular
Vue
React
against XSS attacks. When I visit the Angular official docs,
https://angular.io/guide/security
, it says:
To systematically bloc...
Fenella asked 20/3, 2019 at 13:47
6
I need to add custom headers in IIS for
"Content-Security-Policy", "X-Content-Type-Options" and "X-XSS-Protection".
I get the procedure to add these headers but i am not sure what should be the v...
4
I am just creating a registration form, and I am looking only to insert valid and safe emails into the database.
Several sites (including w3schools) recommend running FILTER_SANITIZE_EMAIL before ...
1 Next >
© 2022 - 2024 — McMap. All rights reserved.