Questions tagged [html-5]
HTML5 is a markup language used for structuring and presenting content on the World Wide Web.
55 questions
3
votes
1
answer
518
views
What security concerns are there for a fully client-side JS/HTML5 app?
I'm working on an Interactive Fiction story in Undum, which is a fully client-side JS/HTML5 framework. I've been reading about Content Security Policy lately (after looking up what a crypto nonce is) ...
41
votes
7
answers
11k
views
Security risks of user generated HTML?
I am creating a website that allows people to upload HTML content.
Currently these are the tags that are banned:
<script></script>
<iframe>
<object>
<embed>
<style&...
3
votes
1
answer
2k
views
Can a javascript on parent page log keystrokes inside an iframe?
I am trying to analyze the possibility of accessing keystrokes from an iframe using a javascript running on the parent page. The potential attack which I am looking to verify is Cross Frame Scripting.
...
1
vote
1
answer
463
views
Stealing page source via Clickjacking [closed]
I am learning JavaScript. I am also researching web-based vulnerabilities to learn. I am just wondering how JavaScript can be used to steal view page source or any text or any tokens leaking on the page via ...
2
votes
2
answers
244
views
Do interactive ads on Android pose a security risk?
I have recently started seeing interactive ads in free applications I use on Android. I'm used to ads that come in the form of images, gifs or videos. Now, a lightweight, seemingly HTML5-compatible ...
3
votes
1
answer
191
views
What data related to a specific web page can be obtained outside the browser?
The browser has several built-in storages, such as local storage or indexedDB. Does it make sense to store sensitive data in them if there is a risk that some malware can access the browser's data ...
1
vote
1
answer
507
views
Are the details about the Widevine bug now public?
There was a bug in Widevine last year which enabled downloading Encrypted Media Extension Content.
They stated that they would give full details after 90 days. Was this meant for public disclosure or ...
-5
votes
1
answer
4k
views
Protecting against input type ="password" changes? [closed]
Are there any protections against users using Chrome Developer Tools to right click on a password input field, and then change input type="pass" to "text" to reveal the password?
There are probably ...
12
votes
1
answer
2k
views
Why is a "tainted canvas" a risk?
I understand the concern about a tainted canvas - the idea that the bits of an image from another site can be sent back to a malicious server. But can you explain the details of how exactly this works?...
0
votes
1
answer
6k
views
Is using enctype="multipart/form-data" always a bad idea?
If the form doesn't have any file upload, you just use enctype="multipart/form-data" everywhere, is it a bad idea from a security point of view?
Here someone says, in 2007
Using enctype="multipart/...
9
votes
2
answers
29k
views
How to Pass Authorization Header in HTTP Request when using HTML5 Player (Audio tag) for security
I am using the HTML5 audio player as follows:
<audio controls>
<source src="<url>" type="audio/mp3">
</audio>
Now, I want to secure my app, so I want to pass some sessionId ...
9
votes
1
answer
3k
views
Passing PHP code directly into JavaScript in HTML5
I want to pass a PHP string directly to a JavaScript variable and keep the load on the server to a minimum. I have the following JavaScript in a PHP file for doing this:
<!DOCTYPE html>
<...
0
votes
2
answers
1k
views
JWT authentication or cookies?
I am currently creating a login system for my website. To secure the login service, should I use JSON Web Tokens and HTML5 storage, or should I use the older way of using cookies? Are any of ...
23
votes
5
answers
11k
views
Is HTML5 input pattern validation sufficient (or even relevant) for client-side validation?
An interesting feature of HTML5 is the <input pattern="" /> attribute, which allows the browser to validate the input field's value against a regular expression provided by the developer.
...
-1
votes
1
answer
183
views
Vulnerabilities in PHP Form Handling Script [closed]
I'm writing a PHP script that takes input from an HTML5 form, including uploads, and emails them to an administrator using Magento's mail client. I think I've covered the basics pretty well, but I'm ...