All Questions

247 questions with no upvoted or accepted answers
9 votes, 2 answers, 2k views

How do I protect against XSS attacks in attributes such as src?

So I've been building a C# html sanitizer using html agility with a white list. It works fine, except for cases like these: <img src="javascript:alert('BadStuff');" /> <img src="jav&#x09;...

6 votes, 1 answer, 966 views

Exploiting jQuery HTML decoding using textarea

Following up on my last question... This code can be exploited if an attacker has access to encodedText: return $('<div/>').html(encodedText).text(); e.g. $("<div/>").html('<img src="...

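The two questions above (the C# sanitizer that misses `jav&#x09;ascript:` and the jQuery `.html().text()` decode trick) share one mechanism: the value is decoded once more before the browser reads its scheme, so a check done on the raw string is too early. The JavaScript below is an added example, not code from either question or from HtmlAgilityPack or jQuery. It decodes character references with plain string code (no element is ever created, so nothing can run as a side effect), normalises the value the way the URL parser does, and then allowlists the scheme. The named-reference table is deliberately partial and the payloads in the test are constructed.

```javascript
// Added example: decode character references without building DOM nodes,
// strip what the browser strips before it reads the scheme, then allowlist.
// NAMED_REFS is intentionally partial; a production sanitizer needs the full
// HTML5 table (or a library that ships it).
const NAMED_REFS = {
  amp: "&", lt: "<", gt: ">", quot: '"', apos: "'",
  Tab: "\t", NewLine: "\n", colon: ":", // the ones payloads lean on
};

// Decodes &#NNN; &#xHH; and the named references above. The semicolon is
// optional because browsers accept most numeric references without it.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[A-Za-z]+);?/gi, (match, body) => {
    if (body[0] === "#") {
      const hex = body[1].toLowerCase() === "x";
      const cp = parseInt(hex ? body.slice(2) : body.slice(1), hex ? 16 : 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    return Object.prototype.hasOwnProperty.call(NAMED_REFS, body) ? NAMED_REFS[body] : match;
  });
}

// Mirrors the WHATWG URL parser: leading/trailing C0 controls and spaces are
// removed, then every tab, LF and CR anywhere. This is why "jav<TAB>ascript:"
// still executes in a browser.
function normalizeUrl(raw) {
  return decodeEntities(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

const ALLOWED_SCHEMES = new Set(["http", "https"]);

// Allowlist, not blocklist: a relative URL or an allowed scheme passes;
// javascript:, data:, vbscript: and any unknown scheme fail.
function isSafeUrlAttribute(raw) {
  const url = normalizeUrl(raw);
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!m) return true;
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}
```

Run the check on the decoded and normalised form only, and keep the original attribute value out of the output entirely: emit the URL you validated, not the string you were given.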
5 votes, 0 answers, 130 views

Cross-site scripting (XSS) patterns can be submitted

Cross-site scripting (XSS) patterns can be submitted. [HttpPost] [AllowAnonymous] [ValidateInput(false)] public async Task<string> Index(string Xml) => await Process(Xml); If I remove ...

5 votes, 1 answer, 2k views

Securing oauth bearer token against attacks such as XSS, CSRF in javascript apps

I am a bit unclear about how to secure (or protect) bearer tokens when using pure JavaScript applications. I know that when a user requests a token from the server it can come with a validity of 14 days or 24 ...

4 votes, 0 answers, 91 views

How does Weebly enforce javascript security for custom widgets?

Weebly is a drag and drop website builder and allows developers to create custom widgets that users can add and drag onto their pages. These custom widgets can contain javascript for interactivity. ...

3 votes, 0 answers, 52 views

Tomcat Apache ServletException Output Encoding

I have a strange issue. In Tomcat 4.0.6, if I raise a default javax.servlet.ServletException(message) where message contains dangerous HTML such as an XSS attack alert(1), it's reflected unencoded ...

3 votes, 0 answers, 2k views

Security - How to prevent XSS filename injection in Dropzone.js?

I am doing some security tests with my dropzone.js extension. I found out that on a Linux system it's possible to rename a legitimate filename and execute it with special characters like: "><svg ...

3 votes, 1 answer, 85 views

How to mail JS code to Gmail, not to execute, but just to display

I need to send some JS code to my users' email IDs (can be any mail client) so that the users can just copy and use the code in their websites. The code involves <script></script>. But when I ...

3 votes, 0 answers, 313 views

How to allow all SVG elements and their attributes using Antisamy?

I want to allow all the SVG elements and their attributes using Antisamy. How do I do that? I tried including all the elements and their attributes in the Antisamy policy file, and setting the regular ...

3 votes, 2 answers, 366 views

Is XSS possible through the MailAddress class?

Considering I parse user input, which is supposed to be an email address, into the MailAddress class: var mailString = Request.QueryString["mail"]; var mail = new MailAddress(mailString); Is there ...

3 votes, 3 answers, 3k views

When trying to integrate one website with another what is the way to go? Iframe or pulling content?

My company has multiple vendors that all have their own websites. I am creating a website that acts as a dashboard where customers can access all of the vendors' sites. I wanted to know what is the ...

3 votes, 1 answer, 2k views

Is the Primefaces p:editor safe to use?

I mean, the primefaces p:editor uses html to structure the text, so I have to set the escape attribute of h:outputText to false, to show the output without html tags. I was trying to play around a ...

2 votes, 0 answers, 42 views

Is my extremely simple website safe against XSS?

I made a website that gets your request path and returns it in a <link> tag like this: <link rel="canonical" href="PATH_HERE"> You can go to any path you want and ...

2 votes, 0 answers, 49 views

Is the HTML output of quill.root.innerHTML always safe?

I want to save and load the rich text from a Quill editor. My plan is to call JSON.stringify(quill.getContents()) and save the resulting JSON. Then to load and display the rich text I would do: quill....

2 votes, 0 answers, 192 views

Security concerns about using bypassSecurityTrustResourceUrl() to display base64 images in Angular

I have a working Angular application displaying base64 images in HTML using : this.sanitizer.bypassSecurityTrustResourceUrl("data:image/jpeg;base64,...") However, bypassing this security ...

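The bypass above switches off every check Angular would otherwise do on that value, so whatever validation the `data:` URL gets has to happen in your own code before the call. The JavaScript below is an added example, not Angular code and not the asker's; it assumes Node (for `Buffer`) and that only raster image types are wanted. It pins the media type to an allowlist, checks the base64 alphabet and length, decodes the bytes, and verifies the file signature matches the declared type, so `text/html` or `image/svg+xml` payloads (both of which can carry script) never reach the bypass. The output is rebuilt from the validated parts rather than passed through.

```javascript
// Added example: validate a base64 image data: URL before trusting it.
// Signatures: PNG, JPEG (SOI marker), GIF ("GIF8"), WebP ("RIFF" ... "WEBP").
const MAGIC = {
  "image/png":  [0x89, 0x50, 0x4e, 0x47],
  "image/jpeg": [0xff, 0xd8, 0xff],
  "image/gif":  [0x47, 0x49, 0x46, 0x38],
  "image/webp": [0x52, 0x49, 0x46, 0x46], // "RIFF"; "WEBP" must follow at offset 8
};

// Returns { mediaType, bytes } for a well-formed, type-consistent image
// data URL, or null for anything else (wrong scheme, non-image type,
// SVG, bad base64, signature mismatch).
function parseImageDataUrl(dataUrl) {
  const m = /^data:(image\/(?:png|jpeg|gif|webp));base64,([A-Za-z0-9+/]+={0,2})$/.exec(dataUrl);
  if (!m) return null;
  const [, mediaType, b64] = m;
  if (b64.length % 4 !== 0) return null;          // strict base64, no sloppy padding
  const bytes = Buffer.from(b64, "base64");
  const magic = MAGIC[mediaType];
  if (bytes.length < magic.length) return null;
  for (let i = 0; i < magic.length; i++) {
    if (bytes[i] !== magic[i]) return null;       // declared type must match the bytes
  }
  if (mediaType === "image/webp" && bytes.subarray(8, 12).toString("latin1") !== "WEBP") return null;
  return { mediaType, bytes };
}

// Re-serialise from the validated parts; never hand the original string on.
function safeImageDataUrl(dataUrl) {
  const parsed = parseImageDataUrl(dataUrl);
  if (!parsed) return null;
  return `data:${parsed.mediaType};base64,${parsed.bytes.toString("base64")}`;
}
```

In the Angular component this would be `const url = safeImageDataUrl(input); this.src = url ? this.sanitizer.bypassSecurityTrustResourceUrl(url) : null;` (the Angular call is the asker's; the guard is the added part). The test inputs below are constructed: the PNG value is just the eight-byte PNG signature.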
2 votes, 0 answers, 5k views

The X-XSS-Protection header is not defined

I just added these 2 lines to my server code header('X-Content-Type-Options: nosniff'); header('x-xss-protection: 1; mode=block'); I scan my site using Nikto, still seeing these as issues. - Nikto ...

2 votes, 0 answers, 87 views

Is it safe to re-execute an inserted <script> node?

This is a spin-off from the comments here. I'm using SquareSpace to build my site, and for some things I like to use their HTML code blocks directly within the page, and include some JavaScript ...

2 votes, 1 answer, 785 views

Security - CSRF Prevention Useless Without XSS Prevention?

I'm developing a serverless application on AWS and a static frontend using Svelte.js with Sapper. For user management I'm using AWS Cognito User Pools. Cognito returns JWT tokens when performing auth ...

2 votes, 0 answers, 211 views

Can this example of jQuery .attr() be exploited by XSS attack?

Below I have an example that is being flagged by my code scan tool as a potential XSS vulnerability: $('#someField').attr('value', $('#dropdown option:selected').text()); This is just setting the ...

2 votes, 0 answers, 560 views

XSSI protection by adding prefix to JSON response

Angular's security guide mentions prefixing JSON responses from APIs to protect against XSSI: This attack is only successful if the returned JSON is executable as JavaScript. Servers can prevent an ...

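The sentence the question quotes is the whole point: a JSON array literal is a valid JavaScript program, so a cross-origin `<script src="/api/...">` can load it, whereas a body that starts with `)]}',\n` (the prefix Angular's HttpClient strips) is a syntax error and loads nothing. The block below is an added example, not code from Angular or from the asker; it shows the server-side encode, the client-side decode, and a `isExecutableAsScript` helper that only parses the text with the `Function` constructor (it never calls the result) to make the difference observable.

```javascript
// Added example: XSSI prefix on the wire, stripped before JSON.parse.
const XSSI_PREFIX = ")]}',\n";

// Server side: every JSON body gets the prefix, arrays and objects alike.
function encodeXssiProtectedJson(value) {
  return XSSI_PREFIX + JSON.stringify(value);
}

// Client side: refuse bodies without the prefix (a sign the server changed
// or the response came from somewhere else), then parse the remainder.
function decodeXssiProtectedJson(body) {
  if (!body.startsWith(XSSI_PREFIX)) throw new Error("missing XSSI prefix");
  return JSON.parse(body.slice(XSSI_PREFIX.length));
}

// Parses only: `new Function(body)` compiles the text as a function body
// without running it. A SyntaxError means a <script> tag would fail too.
function isExecutableAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}
```

Note the third assertion in the test: a top-level object literal `{"id":1}` is not a valid program either (it parses as a block containing a label-less string), which is why the guide says the attack only works when the JSON is executable; arrays are the usual case, and the prefix removes the need to reason about which shape you are returning.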
2 votes, 1 answer, 483 views

Request validation in ASP.Net Core API

According to this question, Request Validation does not exist in dotnet core. If I understand this question correctly, I need to implement a custom method to validate each single string in all ...

2 votes, 0 answers, 826 views

Cross Site Scripting: DOM

While running the HP Fortify analyser, a particular piece of code was reported as vulnerable and has been marked a critical issue. var f = document.createElement("form"), baseURL = (window.location....

2 votes, 0 answers, 305 views

How to prevent my React based application from being used for XSS attacks

How do I protect my React application from XSS attacks? In the past I used CSRF for such things but since the Front-end of my Application is separated from the server, I'm wondering how to prevent ...

2 votes, 1 answer, 447 views

Prevent cross-site scripting attack from static site

I have hosted a static HTML page using GitHub Pages with a Contact Us form. I found a solution so I can send the form to my email with https://formspree.io/ but I am not sure if this prevents an ...

2 votes, 0 answers, 819 views

Is HTTP response splitting/CRLF injection in PHP still possible?

I'd like to try and redirect my own website by passing something like: %0d%0aContent-Type:%20text/html%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Ccenter%3E%3Ch1%3EHacked%3C/...

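The payload in the question works only if the decoded `%0d%0a` reaches the header block unchanged. PHP's `header()` has refused values containing a newline since 5.1.2, and Node's `res.setHeader()` throws on them, so the usual modern answer is "not through `header()`"; the risk remains wherever a value reaches the wire by another path (a hand-built response in a socket handler, a proxy config, a log that is replayed). The block below is an added example in Node JavaScript, not the asker's PHP: a deliberately naive handler that pastes the target into the response head, a small parser that reads the result the way a proxy or browser would so the injected header and body become visible, and the hardened version that rejects CR, LF and NUL. The payload is constructed and already URL-decoded, the form in which PHP hands `$_GET` values to you.

```javascript
// Added example: HTTP response splitting, vulnerable and hardened forms.

// Vulnerable by construction: the target lands in the header line unchecked.
function naiveRedirectHead(target) {
  return `HTTP/1.1 302 Found\r\nLocation: ${target}\r\n\r\n`;
}

// Reads raw response bytes like a proxy or browser: status line, header lines
// up to the first blank line, then body.
function parseResponseHead(raw) {
  const end = raw.indexOf("\r\n\r\n");
  const lines = raw.slice(0, end).split("\r\n");
  return { status: lines[0], headers: lines.slice(1), body: raw.slice(end + 4) };
}

// CR or LF ends a header line; NUL is rejected because some stacks truncate on it.
function hasHeaderInjection(value) {
  return /[\r\n\u0000]/.test(value);
}

// Hardened: refuse rather than strip, so the attempt is visible in logs.
function safeRedirectHead(target) {
  if (hasHeaderInjection(target)) return null;
  return naiveRedirectHead(target);
}

// Constructed payload (not the one from the question), after URL decoding.
const CONSTRUCTED_PAYLOAD = "/home\r\nContent-Type: text/html\r\n\r\n<h1>injected</h1>";
```

Rejecting is preferable to stripping: a stripped value may still resolve somewhere the attacker chose, and a rejected request is a signal worth alerting on.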
2 votes, 0 answers, 112 views

PHP - Is DOMElement->nodeValue = $userInput; XSS safe?

If I am serving up an HTML page generated by DOMDocument, do I have to worry about XSS vulnerabilities when applying user input to a DOMElement node's value? // (object) Instance of DOMElement $node-&...

2 votes, 0 answers, 173 views

How to prevent a textbox from executing script?

In my application I have a search textbox which uses two-way binding (ng-model). As soon as I append the following script as a search keyword, it starts executing it. I see an alert message pop up. If ...

2 votes, 1 answer, 886 views

Display BLOB object in Java web project avoiding persistent cross site scripting?

How do I display data stored as a BLOB object in a Java web project and avoid a persistent cross site scripting vulnerability? The method respond() in ViewDeliveredReportsPage.java sends un-validated ...

2 votes, 1 answer, 416 views

XSS attack in wordpress?

I am developing a WordPress theme. For its security against XSS, here I have two queries: How to detect whether the theme can be infected with an XSS attack, or is already infected? How to prevent it from being ...

2 votes, 0 answers, 122 views

Brainstorm! cfqueryparam-strength validation w/o the tag

Background: A colleague of mine developed a bunch of ColdFusion applications built on a common home-grown framework. There are ~100 applications each with their own databases. Problem: I think it's ...

2 votes, 0 answers, 2k views

XSS: Steal Basic Authentication with XMLHttpRequest

I'm working on security, and I need one thing to exploit my XSS vulnerability. My goal is: get the Basic Authentication header from the admin. With the Basic Authentication header, I can decode the ...

2 votes, 2 answers, 95 views

HTML sanitization causes difficulties

I read user profiles from the database and show them. Before I show them I sanitize the HTML with PHP's htmlentities. It shows them correctly. But, while allowing the user to edit it, it is shown like ...

2 votes, 0 answers, 234 views

Are there any security issues setting `document.domain = document.domain;`?

I'm hoping to build an application which allows subdomain.domain.com to open a popup window at domain.com and manipulate that window. To do this, I need to set document.domain to the same value on ...

2 votes, 1 answer, 1k views

XSS: Break out of not-complete encoding

I'm pentesting the ASP.NET application running on Microsoft-IIS/7.5 web server and I'm sending it the following GET request parameters: &search=aaa%20%*+,-/;<=>^|"'bbb One of the ...

2 votes, 1 answer, 216 views

XSS vulnerability: <wslite>

A security report for my website shows this vulnerability: Reflected XSS: Request: GET http://example.com/page.php?q=< wslite > HTTP/1.1 What is the meaning of this error, what is the meaning ...

2 votes, 1 answer, 3k views

how to sanitize the return values of getCookies(), getRequestURL() in HttpServletRequest?

In my Java EE project, I set a filter in web.xml file which will use the Class MyHttpServeltRequestWrapper (extends HttpServletRequestWrapper). I am overriding the methods getParameter/ ...

2 votes, 1 answer, 875 views

JSONP & http://localhost.:<port>/

After reading JSONP callback doesn't execute when running at localhost and googling a lot, I am still unclear if there is a potential XSS security threat. Is this "hole" covered in popular ...

2 votes, 1 answer, 2k views

How to avoid Reflected_xss_all_clients vulnerabilities in Winforms c#

Currently, I am working for a Winforms project. When I am scanning my Winforms application through CheckMarx then I am getting multiple Reflected_xss_all_clients vulnerabilities. I know there is no ...

1 vote, 0 answers, 20 views

Snyk False Positives for XSS in PHP

We've recently started using Snyk to perform code analysis, however have hit the stumbling block that the first scan is reporting many (>700) XSS vulnerabilities despite having code in place to ...

1 vote, 0 answers, 26 views

How To Add X-XSS-Protection and X-Frame-Option to Response Header in PHP using .htaccess

I want to add more security to my website by adding anti cross site scripting (XSS) security measures. I am trying to set the headers in my .htaccess file to include the required headers to protect ...

1 vote, 1 answer, 40 views

How do sitebuilders like neocities handle cross-site scripting and sanitizing?

In the Neocities editor, it seems possible to input vulnerable text and this will run in the browser (like the onload alert seen in the image below). Is there any security Neocities takes to sanitize ...

1 vote, 0 answers, 102 views

Best way to authenticate via Nuxt.js and Nuxt-auth.js

I am new to Nuxt.js and having some authentication problem. Hope you guys can have a look. I am using module nuxt-auth of Nuxt.js, when I login, it saves JWT created from cookie to dev console. This ...

1 vote, 0 answers, 44 views

Laravel {!! nl2br(e($value)) !!} is unsafe?

When I want to output values via Blade about Text including newline codes (such as \lf) Visible newline codes with (such as a BR tag or a pre tag) They say that I need to use {!! nl2br(e($value)) !!}...

1 vote, 0 answers, 83 views

Why can't Mozilla observatory detect the http security headers on my website anymore?

A few months ago, I added security headers to all of the pages on my website. The Mozilla Observatory detected the changes then and the score increased to B+. Though I haven't changed a thing, it now ...

1 vote, 1 answer, 88 views

Storing a JSON value: security threats using a WordPress plugin

I'm performing an audit against OWASP best practices; my goal is to identify all major security threats happening when I send the data from the frontend until it is saved in the database. Context: JSON ...

1 vote, 0 answers, 94 views

DOM XSS - is this actually exploitable?

CheckMarx found this and marked it as a vulnerability. It doesn't seem to rely on user input, so I'm curious if this is actually exploitable. This is activated by dragging a component. If this is ...

1 vote, 1 answer, 1k views

httpOnly cookies with React and Node

I'm trying to figure out how to implement authentication/authorization with React and Node, using httpOnly cookies, with scalability optionality. I've read JWT can solve this by using refresh tokens ...

1 vote, 0 answers, 74 views

Does jQuery still have XSS vulnerabilities when we upgrade the version with jQuery Migrate and do not replace the deprecated methods?

The website below says that jQuery Migrate restores the deprecated methods which older jQuery has. https://github.com/jquery/jquery-migrate Does jQuery still have XSS vulnerabilities when we upgrade ...

1 vote, 0 answers, 100 views

How to prevent XSS while creating a redirect path using window.location.replace()?

I have used window.location.replace() for redirection based on user's input. From a security review, this has been flagged as vulnerable to DOM based XSS. I am a newbie and I am not sure which part of ...

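This question and the earlier one about reflecting the request path into `<link rel="canonical" href="...">` are the same problem in two sinks: user input becomes a URL, once in a server-rendered attribute and once in `window.location.replace()`. Attribute encoding alone is not enough for either, because a well-formed `javascript:` or `//evil.example` URL contains nothing that encoding would touch. The block below is an added example, not code from either asker: it resolves the input against your own origin with the WHATWG URL parser (Node's global `URL`, the same API browsers expose), rejects anything whose origin differs, and only then encodes for the HTML attribute context. `https://example.com` stands in for the site's real origin.

```javascript
// Added example: same-origin URL resolution shared by a server-side
// <link rel="canonical"> builder and a client-side redirect guard.

// Returns the absolute URL if `input` resolves onto `origin`, else null.
// Relative paths resolve onto our origin; "//evil.example", "javascript:"
// and "data:" all resolve elsewhere (or to the opaque origin "null").
function sameOriginUrl(input, origin) {
  let url;
  try {
    url = new URL(input, origin);
  } catch {
    return null;                         // unparseable input
  }
  return url.origin === new URL(origin).origin ? url.href : null;
}

// Encode for a double-quoted HTML attribute. The URL parser already
// percent-encodes " < > in the path, but the query can still carry &.
function attrEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Server side: the canonical tag from the earlier question, done safely.
// Returns null when the path does not stay on our origin.
function canonicalLinkTag(requestPath, origin) {
  const href = sameOriginUrl(requestPath, origin);
  return href === null ? null : `<link rel="canonical" href="${attrEncode(href)}">`;
}
```

Browser side, the redirect from this question becomes `const target = sameOriginUrl(userInput, location.origin); if (target) window.location.replace(target);`, with the `else` branch sending the user to a fixed default rather than the input. If you also need to allow a small set of external hosts, compare `url.origin` against an explicit allowlist instead of a single origin; do not fall back to prefix matching on the string.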
1 vote, 1 answer, 371 views

Sanitize properties by decorating them to avoid XSS attacks

Currently I am accepting models in my web APIs. I am thinking of decorating my properties which are vulnerable to XSS attacks. That should remove all the script tags etc. Is there any library which can ...

