Collaborate Disseminate
Hello I was experimenting with XSS payloads and couldn’t help wonder the syntax for
javascript:alert(0)
The most basic payload for XSS makes sense, since the tag is used for JavaScript in HTML.
<script>alert(0)</script>
But … Continue reading XSS Payloads: <script> vs javascript:
Say I have a continuously upgraded and well maintained LAMP environment with a website which its CMS is all-core and continuously upgraded as well and I have created a simple backend HTML contact form which is CMS-agnostic (not a module of… Continue reading Is it true that frontend validation is generally redundant for minimalist contact forms on minimalist environments?
A recent survey revealed that, on average, organizations must comply with 13 different IT security and/or privacy regulations and spend $3.5 million annually on compliance activities, with compliance audits consuming 58 working days each quarter. As mo… Continue reading How do I select a compliance solution for my business?
I’ve been looking at some Web tools as I had some suspicions.
The css looks as though it does not come from Youtube. I’ve seen code from github and other sources.
A large portion is commented out and has javascript in between the breaks. I… Continue reading Is my browser been exploited via CSS? [closed]
<table>
<tr>
<div>USER ID</div>
</tr>
<tr>
<td>
<div>
<input autocomplete="off" onfocus… Continue reading How can I get browser to save password and user Id of following table?
I have Tor Browser (which is basically Firefox ESR) on "Safest" setting (Javascript disabled). We’re generally scolded about using extensions in it, as they can alter web traffic patterns to or from your browser, adding another f… Continue reading Tor Browser: Could a website or ISP detect modification to DOM done by users if Javascript is disabled?
I would like to block the execution of any instance of CSS’s url() function in CSS provided by my server. One promising method would be a CSP, but I’m not sure if this is possible using a CSP. Is it? And if not, what is the best way to acc… Continue reading Is there any way for a Content-Security-Policy to block a CSS function, (specifically the url() function)?
I have paid membership to some program. But they are not allowing to watch all videos at once. They allow us to watch 1 video per week. To watch 60 videos, i have to wait for 60 weeks. So i need help to access that content which is blocked… Continue reading Accessing Video on a Page [closed]
I have a website built with MediaWiki CMS.
This website contains a ContactPage contact form in which the subject field is hardcoded to the form wrapper via PHP;
This is odd, because all other fields aren’t hardcoded like thi… Continue reading Is there an advantage in removing an element both from CSS and JS?
I used SonarQube to perform a static code analysis of my project and it detected a security vulnerability in one of my CSS files:
For security reasons, protocol-relative URLs should not be used.
Noncompliant Code Exa… Continue reading What’s the security risk of using a protocol-relative URL in a CSS stylesheet?