Collaborate Disseminate
I have a bulletin on my site that all valid users have access to (read and write). User input posted to this bulletin is stored in JSON. Because of these qualities there is definitely some concern for XSS. Im hoping to figure out the best … Continue reading Shared Text Content – XSS Safe
I am passing value from input filled directly into a script function inside a JSON object. I was thinking, is it possible that this input can escape this object and can lead to XSS or something.
<script>
…
function doSomething(item… Continue reading Can input value escape a JSON object?
So I have been working on security testing of an application. My approach is to provide some data in the UI and intercept them using burp suite and manipulate the data.
However, to my surprise when I intercept the requests in that applicat… Continue reading How to decrypt data of content-type: application/encrypted-json [closed]
Is it possible to send a custom POST CORS request with json data?
I found that the website example.com is vulnerable to CORS and it’s accepting my origin header:
https://mywebsite.com
, however the request is a POST one and if i try withou… Continue reading Is it possible to send a POST CORS request with json data?
I’m trying to make a chatroom for my university, It takes username in JSON, and then stores it in an object, then takes it to DB for keeping logs, but the thing is, that object also has a "status" key, whose value is set to guest… Continue reading Null byte injection using JSON [closed]
I am building a web application in which a third party library is used, which transforms the user input into JSON and sends it to an controller action. In this action, we serialize the input using the standard Microsoft serialize from the … Continue reading Is unicode character encoding a safe alternative for html encoding when rendering unsafe user input to html?
Look, I’ve been there too. First the project just prints debug information for a human in nice descriptive strings that are easy to understand. Then some tool needs to log a sensor value so the simple debug messages gain structure. Now your debug messages {{look like : this}}. This is …read more
As the world settles into this pandemic, some things are still difficult to mentally reckon, such as the day of the week. We featured a printed day clock a few months ago that used a large pointer to provide this basic psyche-grounding information. In the years since then, [Jeff Thieleke] …read more
Continue reading Day Clock Monitors Air Quality of the Great Indoors
Looking over the spec for JSON Web Signature (JWS), I realise that it doesn’t seem to specify anything that is HTTP-specific in terms of the payload. Specifically, signing HTTP headers and bodies (say, so a server can verify certain HTTP h… Continue reading Signing HTTP requests with JWS
As you might notice below, there were a lot of announcements in the world of Azure Infrastructure last month. That’s because Microsoft Build, the developer-focused conference, happened and it is one of the inflection points for new releases in the Azure calendar. Sure, Build is developer-focused, but in the modern world, developers and operators are […]
The post Everything You Need to Know About Azure Infrastructure – May 2020 Edition appeared first on Petri.
Continue reading Everything You Need to Know About Azure Infrastructure – May 2020 Edition