Collaborate Disseminate
Are there any protections against users using Chrome Developer Tools to right click on a password input field, and then change input type=”pass” to “text” to reveal the password?
There are probably JavaScript ways but once a… Continue reading Protecting against input type ="password" changes? [on hold]
I understand the concern about a tainted canvas – the idea that the bits of an image from another site can be sent back to a malicious server. But can you explain the details of how exactly this works?
Suppose the user visit… Continue reading Why is a "tainted canvas" a risk?
i am using HTML5 audio player as follows :
<audio controls>
<source src=”<url>” type=”audio/mp3″>
</audio>
Now , i want to secure my app , So i want to pass some sessionId in Header parameter in http request fo… Continue reading How to Pass Authorization Header in HTTP Request when using HTML5 Player (Audio tag) for security
I want to pass a PHP string directly to a JavaScript variable and keep the load on the server to a minimum. I have the following JavaScript in an PHP file for doing this:
<!DOCTYPE html>
<html>
…
<body>
… Continue reading Passing PHP code directly into JavaScript in HTML5
I am currently creating a login system for my website. To secure the login service, should I use JSON Web Tokens and HTML5 storage, or should I use use the older way of using cookies? Are any of theses options secure or is th… Continue reading JWT authentication or cookies?
An interesting feature of HTML5 is the <input pattern=”” /> attribute, which allows the browser to validate the input field’s value against a regular expression provided by the developer.
Subsequently, this binds to th… Continue reading Is HTML5 input pattern validation sufficient (or even relevant) for client-side validation?
I’m writing a PHP script that takes input from an HTML5 form, including uploads, and emails them to an administrator using Magento’s mail client. I think I’ve covered the basics pretty well, but I’m sure I’m missing some pote… Continue reading Vulnerabilities in PHP Form Handling Script
Trying to find if there are recognized ways to handle Progressive Web Apps (PWA)/HTML5 type apps on desktop browsers (chrome, firefox) with some form of encrypted local storage that is sufficiently recognized (not a hack per-… Continue reading PWA/HTML5 recognized encrypted storage on desktop/mobile browser
I’m quite enthusiastic about the Sub resource integrity (SRI) features. But, why is it only limited to JS and CSS files?
I tried to pin a LESS (CSS variant) file, of which the integrity tag was ignored by Firefox and Chrome…. Continue reading Why is Sub resource integrity (SRI) only limited to JS/CSS files and is it only for external sources?
Just curious if it is possible to get malware through a trusted site hosting an HTML 5 player.
I would imagine since Chrome is in a sandbox, nothing download to your computer?