Questions tagged [javascript]
The common name for the language used primarily for scripting in web browsers. It is not related to the Java language. Standardized as ECMAScript, its dialects/implementations include JavaScript and JScript.
1,372 questions
5 votes, 1 answer, 1k views
Storing a session token in localstorage
I've heard the discussion many times of whether storing credentials or other sensitive info in localStorage or document.cookie is more secure. But I'm currently building a platform and I was wondering,...
2 votes, 2 answers, 210 views
How to prevent javascript in a single webapp from communicating with outside servers
I want to use a certain JavaScript webapp running in the browser and be certain it doesn't send data outside.
I self-host this webapp on my own server and connect to it via my PC browser. So I can edit ...
1 vote, 1 answer, 175 views
JavaScript Control Over New Tab and SOP Behavior
I’d like to ask for some advice regarding controlling a newly opened browser tab using JavaScript.
Here’s the situation: I have my own website hosted at my.site.com, which includes a link to a ...
1 vote, 0 answers, 140 views
XSS javascript does not execute (bug bounty)
I am doing a bug bounty and I found an XSS injection point. However, most tags are filtered and I have been getting no results in executing JS; I can do whatever HTML I want, though.
Here are some ...
0 votes, 1 answer, 338 views
How to securely load user generated Javascript code from IFrame into my website?
Before I start, I have found a few related references to this question, but they are not answered previously or are about a slightly different scenario to mine.
I have the following need. I need a way ...
4 votes, 1 answer, 454 views
How to generate a p12 with javascript generated key pair and server side internal CA
I'm working on a client-certificate based authentication of users for a website.
The server configuration part is OK
(Apache server, keywords: SSLCACertificateFile / SSLVerifyDepth / SSLVerifyClient ...
2 votes, 1 answer, 406 views
How to create a PDF payload?
Several questions here "hint" at PDF capabilities (executing js code, exfiltrating/probing network, etc)
But if I want to create one PDF that will trigger my internal phishing test url, how ...
0 votes, 0 answers, 92 views
Prototype pollution in non-recursive merge function
In many guides regarding prototype pollution, "merge" functions are listed as potentially vulnerable. But I'm somewhat confused on how this should actually work if a merge function is not ...
4 votes, 1 answer, 3k views
Is it safe to use Internet Archive following its cyber-attack?
This is a follow-up to a question regarding recent Internet Archive hacking.
Website web.archive.org was restored in a readonly mode but is it safe to use it? Looking at the brief disclosure of the ...
2 votes, 1 answer, 208 views
Why is Google’s JavaScript Accessing 224.32.32.0/24 from the Browser?
I noticed a suspicious network error while trying to enter my credit card information on a page under console.cloud.google.com/billing. The network error indicated that a GET request to https://224.32....
4 votes, 2 answers, 4k views
Why should an attacker perform a clickjacking attack when they can simulate the click with JavaScript?
What's the reason why an attacker should choose to perform a clickjacking attack?
If they create a malicious website, they could just perform the action automatically, they don't need to "trick...
1 vote, 0 answers, 238 views
WordPress Site Hacked to redirect stripe.js offsite for credit card skimming - Can't Find The Source
We are experiencing an issue on our WordPress site running WooCommerce, for the second time this year where a hacker is injecting some kind of script that is redirecting the stripe.js code from its ...
0 votes, 1 answer, 300 views
Predicting math.random after math.floor
I know math.random() in javascript can be predicted if you know the exact outputs of it, but if I only know what it gives after doing math.floor(100 / (1.0001 - Math.random())), how would I use this ...
4 votes, 0 answers, 101 views
XSS with failing method in the injected DOM within onclick
If I have a DOM XSS such as
<button type="button" data-dismiss="modal" onclick="Register.search('{INJECTION_PAYLOAD}');">
Search
</button>
Where I could ...
1 vote, 0 answers, 119 views
How to launch XSS code from an INPUT tag?
I have a website with the following code:
<input class="Header--search--form-input" name="search" value="" onfocus="alert(1)" autofocus="...