Tag: security

How can I prevent Stored XSS by iframe?

I use ExtJS and JS to build a dialog where I can display my HTML data from the DB; that data is wrapped in an iframe like this: I tried to add sandbox to the iframe, but it doesn't work; the XSS alert still shows. Then I tried to change to <iframe src='#'… sandbox>, but the XSS alert still shows.…

FileReader upload safety

Say I have <input type="file"> without any forms, and obtain an image selected by this input via File's Blob JavaScript API: And that's all. Say there is no PHP script on my server at all. The user just uploads a picture via the code below and, for example, sees how the picture is displaying in t…

Google reCaptcha V2 (Invisible) only fires once

Today I tried to implement Google reCAPTCHA V2 in invisible mode. In the documentation, they showed how to use it. I tried this solution, but the "onSubmit" function only gets called once. After that, the button simply does nothing… Is there a way to fix that issue without reloading the pag…

Electron, contextIsolation and contextBridge

I recently had to revamp an old Electron app. I found out that it had contextIsolation set to false, so I went ahead and set it to true (and btw set nodeIntegration to false). As expected, it broke the IPC communications. So I used, as advised in many places, a preload script that enables some communications c…