
New answers tagged

2 votes

Lots of copies of avg_secure_browser_setup.exe in my Downloads folder downloaded automatically

Yes, JavaScript can automatically request a file download, e.g., by using the download attribute of an a element and then calling click on that element. How exactly the browser handles this request ...
Ja1024 • 38.3k
16 votes
Accepted

URL parameter "x="

When you have a public webserver, it's perfectly normal to receive a large number of invalid requests, typically sent by bots which have been programmed for different purposes, be it legitimate ...
Ja1024 • 38.3k
0 votes

In PCI DSS SAQ A, does "customer’s browser" include merchant apps using TPSP-provided UI elements for card data?

Disclaimer: I'm not a QSA and I'm not your QSA, but I have spent a lot of time talking to QSAs and other PCI experts about this exact question. If you are using an SDK from a payment provider it is a ...
knightpfhor
2 votes
Accepted

Is there a way to exploit this DOM-based XSS in recent versions of browsers?

The hash attribute of a URL object is not automatically decoded when being read, so your hypothetical target application has to explicitly call decodeURI: var locale = 'en-us'; var decodedHash = ...
Ja1024 • 38.3k

Top 50 recent answers are included