Is it Safe to Update Content Security Policy to Allow Blob URLs for iframes?

I am currently implementing a feature that allows users to upload documents (mainly PDFs) and view them in the browser without storing them on a server. The application generates a blob URL from the uploaded document, which is then passed …

How to access iframe.contentWindow.document of a nested iframe inside an iframe? [migrated]

I’ve been trying all day to nest created iframes and access their contents, but security restrictions don’t let me. Is there a way? I shared my code and everything I tried so far in a codepen. https://codepen.io/serapath/pen/qBGbpMG?editors…

Can an embedded 3rd party JS script access or keystroke log an iFrame’s content

Say there is a web page with two 3rd party javascript URL scripts embedded in it. One creates a support chat window and the other creates an iFrame within which a user enters payment information into a form.
If the support chat script was …

In a web application, what would you consider the best way to store secret keys obtained via an SDK?

Currently I am working on an application that requires secret keys to encrypt and sign information generated by the client and transmitted over the wire; these keys are granted per user.
Currently when the user logs in, the keys are downloa…