How to test an Angular SPA for DOM XSS with OWASP ZAP?
I want to test an Angular SPA for any DOM-based XSS. How do I do that with OWASP ZAP?
Security issues in xhr DOM update
I'm writing JavaScript code that updates the DOM with HTML/JavaScript from an XMLHttpRequest response (a sort of jQuery $.load() function), depending on some client-side condition (e.g. which browser the user is using).
I put this function in a s…
DOM-based XSS example doesn't work
Google have written up a great explanation of XSS attacks with 3 interactive demos:
https://www.google.co.uk/about/appsecurity/learning/xss/
If I follow the instructions, I can see a JavaScript alert pop-up in the first 2 demos however whe…
DOM-based XSS – via URL
I have a website that I am testing but I am pretty new to all of this security stuff and would appreciate some help!
I have a url similar to the following:
http://testurl?nexturl=whatever
The nexturl parameter determines what url should …
Safely creating script tag and attaching to DOM
I have a need to create and attach a script tag to the DOM at runtime.
The script is a remote webpack bundle (via a Module Federation plugin). I would like to be able to change the URL to that hosted remote bundle at runtime (for A/B testin…
Webpack chunk loading mechanism and safety
I am trying to understand the mechanics of webpack's chunk loading. From what I understand, chunks are appended to the DOM via javascript
document.createElement("script") with the script's src attribute set to the URL of the chunk script.
So…
Payload:
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
Reference: http://seguretat.wiki.uoc.edu/index.php/XSS_Cheat_Sheet
Can someone please explain why this payload is not working?
Simple DOM open Redirection question
Burp highlights DOM open redirection possible with the code below. Could anyone explain if this is feasible? Many thanks!
var url = window.location.href;
url = url.replace(/(\?|\&)user_lang=[A-Za-z]{2}/, "");
window.location.href…
prevent dom based – xss from js file in mvc
I'm using a free template as a front end in my application and the main javascript file came out as a high risk as it's vulnerable to a DOM-based cross site scripting. Is there a way to sanitize the javascript function inside a javascript f…