Questions tagged [jquery]
jQuery is a JavaScript library used for DOM manipulation.
39 questions

0 votes, 0 answers, 135 views
Appending string to a user input can stop xss in jquery selector?
I've found that a user input was passed to jquery selector sink $()
This is known to be vulnerable because having something like:
$("<img src='/' onerror=alert('xss');>")
Will ...
            
2 votes, 1 answer, 269 views
What are the security considerations for coding a website with interactive scripts but no backend?
I am developing a simple grammar study website with Bootstrap 5, JQuery and Javascript. It will have interactive grammar quizzes and flashcards. I would like users to be able to type in answers to ...
            
1 vote, 0 answers, 220 views
Prevent XSS in 3rd party (self hosted) application
We have an application which we have purchased from a 3rd party and host in our own environment. The application consists of its own UI and back-end, and is included in our own application through an ...
            
0 votes, 1 answer, 281 views
Is JQuery in chrome extension a security concern?
This is the relevant part of my manifest.json file:
"content_scripts": [
    {
      "css": ["style.css"],
      "matches": [
        "<all_urls>&...
            
1 vote, 1 answer, 2k views
XSS - Setting Values and Attributes w/ jQuery
I was looking at the answer here and got curious if a function I use may be susceptible to XSS. Mostly because of this statement:
Some HTML attributes are inherently dangerous. This includes href,
...
            
0 votes, 1 answer, 10k views
How to prevent XSS attack on selected window.location in javascript
This is my code where I have a userId in a method SwitchUser_Click. I need to prevent or somehow encode the return value from the switchUser_Click as it includes the UserId of a user vulnerable to ...
            
7 votes, 1 answer, 5k views
DOM Based XSS and Adding HTML Elements
So as a rule of thumb I once learned that adding or removing HTML with JavaScript/JQuery (.html(), .append(), etc) leaves yourself wide open for DOM Based XSS Attacks. It is now my understanding that ...
            
0 votes, 0 answers, 744 views
DOM XSS via JQuery function init()
Burp reported potential DOM XSS. Data is read from location and passed to the 'init()' function of JQuery via:
var table = location['table'] || location['sysparm_table'];
snPresence.init(table, ...
            
-4 votes, 1 answer, 170 views
I want to hide my youtube embedded code from my source code [closed]
I have an iframe in my website. I want it to be encrypted so that the user can't understand the link, and when the user tries to paste it in the browser it should show the video
<iframe
  id="<?php echo $...
            
39 votes, 5 answers, 15k views
Is it really Security Misconfiguration to show a version number?
Our web application uses an HTML file with jQuery embedded inside.
According to the jQuery license (https://jquery.org/license/), we have to leave the license header intact, including the version ...
            
1 vote, 1 answer, 373 views
When signing up a new user, is there a way to secure the password using jQuery/PHP?
I'm of the opinion that HTTPS is sufficient for securing passwords from would-be MITM (man-in-the-middle) attacks, but I'm curious to know if there's anything else I should be doing.
During signup, ...
            
2 votes, 2 answers, 10k views
How to exploit publicly known vulnerable version of jquery?
I am trying to see how a publicly known "vulnerable version of the library jquery" can be exploited to make proof of concepts to website owners.
Let's say we have jquery version 2.1.1 that ...
            
1 vote, 1 answer, 1k views
Bypass a simple XSS filter that only looks at <
Say, I have a page where the input from the user is taken and is passed through a simple client-side XSS filter. That filter only replaces < characters with ''.
in = in.replace(/[<]/g, '');
The ...
            
3 votes, 1 answer, 23k views
Is there a way to exploit jquery 1.12.4 vulnerability?
According to https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jquery+1.12.4 and https://snyk.io/test/npm/jquery/1.12.4, I see that jQuery 1.12.4 has a medium severity vulnerability.
I checked on ...
            
0 votes, 0 answers, 585 views
Is this code vulnerable to DOM based XSS? jquery wrap()
Data is read from window.location and passed to the wrap() function of jQuery via the following statement:
t.Location.wrap(window.location)
The version of jQuery in use is the 1.12.1 - Is ...