javascript – Page 3 – WindowsTechs.com

XSS with failing method in the injected DOM within onclick

Posted on July 23, 2024 by joFriedley

If I have a DOM XSS such as
<button type="button" data-dismiss="modal" onclick="Register.search(‘{INJECTION_PAYLOAD}’);">
Search
</button>

Posted on July 16, 2024 by

I have a website with the following code:
<input class="Header–search–form-input" name="search" value="" onfocus="alert(1)" autofocus="" placeholder="put request&q… Continue reading How to launch XSS code from an INPUT tag?→

Posted on July 16, 2024 by Bryan Cockfield

With all of the various keyboards, mouses (mice?), and other human interface devices (HID) available for our computers, there’s no possible way for developers to anticipate every type of input …read more Continue reading Turning Horrible Browser Controls Into A Game→

Posted on July 12, 2024 by fed

If a GET parameter in a website is vulnerable to XSS and the user input is reflected without any change or escaping or filtering and also HttpOnly is not set for session cookie, is stealing the cookie possible? or there might be more layer… Continue reading What is the next layers of defence against cookie stealing if GET parameter is vulnerable to XSS and there is no HttpOnly flag in a website?→

Posted on July 8, 2024 by Megan Crouse

Web development can be a lucrative and challenging career. See our top picks for courses that can introduce you to the field and kick-start your job search. Continue reading The 5 Best Web Development Courses Worth Taking in 2024→

Posted on June 29, 2024 by user43117

Is there a term for when an anchor tag opens a different URL than its href or performs some action such as showing a pop-up instead of opening expected URL?
Excluding non-malicious cases such as a single page application using client side … Continue reading What is the term for when a hyperlink maliciously opens different URL from URL displayed when hovered over?→

Posted on June 27, 2024 by User65535

The bbc news home page is directing some users to download and run some javascript from a data collection company. This collects many hardware and device identifiers, as their privacy policy acknowledges. They also run the code below. I… Continue reading Is this code attempting to identify individual computers? [closed]→

Posted on June 24, 2024 by Fiona Jackson

Today’s best Python courses offer hands-on experience with data analysis, web development, machine learning and more. Continue reading The 10 Best Python Courses That are Worth Taking in 2024→

Posted on June 19, 2024 by paj28

These days, most websites minify & concatenate their code.
Are there techniques to identify open-source libraries within minified, concatenated code?
I’m mostly interested so I can focus analysis on non-library code, but also to spot o… Continue reading How can I identify open-source JavaScript libraries within minified code?→

Posted on June 9, 2024 by Cort Ammon

I have a webpage I would like to use locally (the JSON-LD Playground). It appears to be designed to operate without connecting to a server. I would like to have a strong confidentiality guarantee for the data I put in it. Is there a way… Continue reading Preventing Javascript in a browser from connecting to servers→