Ajax – Page 4 – WindowsTechs.com

Do URLs used in JavaScript AJAX GET calls need to be sanitized through Apache when there is no server side scripting or database involved?

Posted on June 2, 2019 by Xandor

I am aware that any data coming into a server from a client should be handled safely (as in sanitized, whitelisted, etc.) but I had slapped together a very simple system that pulled file contents getting the file name from th… Continue reading Do URLs used in JavaScript AJAX GET calls need to be sanitized through Apache when there is no server side scripting or database involved?→

Are public paths/folder structures mean security risks for a website?

Posted on June 2, 2019 by Catso

I’m just wondering..
Are public,visible paths/folder structures mean security risk for a website? For example, as you can see our folder structure and file names are clearly visible in our ajax calls. This code is public beca… Continue reading Are public paths/folder structures mean security risks for a website?→

Why do so many websites use third-party sites for hosting JavaScripts?

Posted on May 8, 2019 by Geremia

Why do so many websites serve JavaScripts from ajax.googleapis.com and other third-party sites? Wouldn’t it be securer for these sites to host these scripts themselves?

Continue reading Why do so many websites use third-party sites for hosting JavaScripts?→

access control allow origin set blank

Posted on April 9, 2019 by Anirban Singha

While checking a cors request I found that ACAO is blank means. Whenever I change origin, is set to blank. Is there any way I can set/bypass origin to make same request

Access control allow origin:

Continue reading access control allow origin set blank→

Is xhr.withCredentials making POST endpoints vulnerable to CSRF?

Posted on March 27, 2019 by Marinos An

From what I’ve seen, someone can add the following code to a malicious site (lets say: http://sth.malicioussite.com) and be able to perform ajax post requests to a 3rd party site, along with any cookies set before:

var xhr =… Continue reading Is xhr.withCredentials making POST endpoints vulnerable to CSRF?→

can we copy the contents from iframe to another host?

Posted on February 23, 2019 by Shubham PaTel

i have a website called sub.example.com/dir1/dir2 which does not have the
iframe option in response i am able to get all the content to iframe option in another site called clickjack.com

my question is :
how to copy(steal) … Continue reading can we copy the contents from iframe to another host?→

Returning POST JSON data securely?

Posted on January 17, 2019 by R. StackUser

I have a webpage (HTTPS encrypted and authorized only via domain credentials) that displays grid information. This grid information is received via a POST request to my server which will send back all of the pertinent inform… Continue reading Returning POST JSON data securely?→

Why is it important to never use `eval` in conjunction with AJAX?

Posted on December 3, 2018 by gaazkam

From OWASP AJAX Security Cheat Sheet:

Eval is evil, never use it. Needing to use eval usually indicates a problem in your design.

I understand that evaling untrusted JS code can lead to a whole world of pain, nonethele… Continue reading Why is it important to never use `eval` in conjunction with AJAX?→

Window.Open » getElementBy.open [on hold]

Posted on September 29, 2018 by user187733

Is it possible to open the document, not in a new window, like
this – JavaScript.Window.Open(…)

But in the same page, in div which we will take with getElementById

I mean: document.getElementById(‘name_of_div’).Open(… Continue reading Window.Open » getElementBy.open [on hold]→

Security of Jquery Ajax calls in asp.net

Posted on September 11, 2018 by Shayan Hafeez

When we make a call with ajax it is open at the client end and it works like a charm but the problem is website security. Do we have any particular technique to make ajax calls secure so that hacker cannot attack our site?

… Continue reading Security of Jquery Ajax calls in asp.net→