Collaborate Disseminate
Most browser extensions I use are utility like tools that do something in the DOM. Like copying HTML tables to Markdown tables, accepting cookie warnings, removing ads, regex find replace et cetera.
With the current news regarding abused b… Continue reading Is there a way to limit browser extension internet access?
After the recent news of multiple compromised popular browser extensions.
Is it possible for organizations to setup browser extension allow and denylists for common browsers such as Edge, Chromium-based, Brave, etc.
If so, in what ways can… Continue reading How to allow or denylist specific browser extensions in popular browsers?
Currently, I develop a frontend for a simple REST API. I use Angular 18 with its material components and Transloco for localization.
A friend sent me a screenshot today, where a menu item with a localization key like "common.add"… Continue reading Website shows unexpected message instead of localised text [closed]
I know that sites can share some information between each other by sharing cookies amongst themselves. They have to be in some kind of agreement with each other I assume? Or can any random site read all the cookies that are currently saved… Continue reading of the cookies created by OTHER websites, which ones would the browser allow a website to access?
I was using yt-dlp to download YouTube videos. It has an option to obtain cookies directly from the browser, probably all of them.
Do the browsers store the cookies with any encryption?
If so, how does the program get the cookies?
If not, … Continue reading Are cookies stored with encryption and and how do browsers protect them?
We are currently implementing envelope encryption to securely encrypt sensitive data(name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about to implement browser-side caching to redu… Continue reading Browser- side caching of encrypted sensitive informations in sessionStorage?
I have a web page with a Cross-Origin-Embedder-Policy: require-corp header. When I include an cross-origin image without CORP or CORS headers in the response, I expect the image to be blocked, because of the Cross-Origin-Embedder-Policy. H… Continue reading Image loaded despite Cross-Origin-Embedder-Policy: require-corp
Normal ‘deleting’ of data and actually randomly overwriting it are very different in terms of security. So, just deleting passwords is not considered secure, because they can be recovered.
And although nearly all browsers encrypt their sav… Continue reading Are the encrypted browser-saved passwords randomly overwritten when deleted?
This is a follow-up to a question regarding recent Internet Archive hacking.
Website web.archive.org was restored in a readonly mode but is it safe to use it? Looking at the brief disclosure of the attack, in addition to DDoS, which is jus… Continue reading Is it safe to use Internet Archive following its cyber-attack?
I remember back in the good old days of ActiveX visiting a malicious site could spell disaster for the user. But from my understanding, browsers today are usually sandboxed so how vulnerable are users to malicious websites?
I am not talkin… Continue reading How prevelant are browser based attacks nowdays?