
Tag: security

Form body in a POST ending up as URL params?

Our stack: Vue.js frontend using the Vuetify component library; custom Python middleware REST API using Flask + Tornado; Matomo running externally and connected to the frontend using Vue's plugin system (https://github.com/AmazingDreams/vue-matomo). We recently added Matomo to our site and very, very rarely (4 incidents out of thousands of users) we've noticed that the username/password which is submitted via POST request to our

vuex empty state on logout

Quick story of my problem: absolutely no data is stored in my vuex state when the page loads. If the user is logged in (or has info stored in window.localStorage and therefore gets auto-logged in), my vuex store retrieves all the info from a socket that requires authentication. Then the user logs out, but my vuex state still retains

Is there any way to make user uploaded SVG images safe from code injection etc?

I want to display user-uploaded SVG images on a website, but they're quite open to exploits: https://security.stackexchange.com/questions/11384/exploits-or-other-security-risks-with-svg-upload https://security.stackexchange.com/questions/36447/img-tag-vulnerability For example, arbitrary JavaScript can be embedded in SVG. There are also issues with performance exploits, but I'd consider those lower priority. Is there any mechanism to make SVG somewhat safe and only use it as an image? Can I simply trust
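
One way to follow the "only use it as an image" approach the question asks about, as an added example that is not part of the original post. It assumes uploads are stored by id and served from a hypothetical `/uploads/<id>.svg` path, and that the frontend references them only through `<img>`; browsers do not run scripts or fetch external resources for an SVG loaded as an image, and the CSP covers the case where the file is opened directly as a document. The upload-time pre-check is defence in depth, not a sanitizer.

```javascript
// Added example (not from the question): serving user-uploaded SVG so it can
// only be used as an image. Assumptions: files stored by id under /uploads,
// frontend embeds them via <img> only.
const SVG_MIME = "image/svg+xml";

// Headers for the raw SVG response. nosniff stops the browser from guessing a
// different type; the CSP disables script execution and external loads if
// someone navigates to the file URL directly instead of loading it via <img>.
function svgResponseHeaders() {
  return {
    "Content-Type": SVG_MIME,
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'",
  };
}

// Cheap upload-time pre-check. It rejects files that are obviously not plain
// SVG; it does not make arbitrary SVG safe to inline. Note that it also
// rejects files with a DOCTYPE, which some editors emit (a usability choice).
function looksLikePlainSvg(text) {
  const t = String(text).trimStart();
  if (!(t.startsWith("<svg") || t.startsWith("<?xml"))) return false;
  // DTD / entity declarations enable entity-expansion ("billion laughs") files.
  if (t.includes("<!DOCTYPE") || t.includes("<!ENTITY")) return false;
  // Script and foreignObject (arbitrary HTML) are never needed for an image.
  if (/<(script|foreignObject)\b/i.test(t)) return false;
  // on* event-handler attributes (may also hit an odd attribute name; accepted).
  if (/\son[a-z]+\s*=/i.test(t)) return false;
  return true;
}

// The only embedding the frontend uses: an <img>, never inline <svg>,
// <object> or <iframe>. The id is URL-encoded so it cannot break the path.
function imgMarkup(id) {
  return `<img src="/uploads/${encodeURIComponent(id)}.svg" alt="">`;
}

// Constructed sample uploads (not real user files).
const cleanSvg = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>';
const scriptSvg = '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>';
const handlerSvg = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"></svg>';

module.exports = { svgResponseHeaders, looksLikePlainSvg, imgMarkup, cleanSvg, scriptSvg, handlerSvg };
```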

CSRF protection with CORS Origin header vs. CSRF token

This question is about protecting against Cross-Site Request Forgery attacks only. It is specifically about: is protection via the Origin header (CORS) as good as the protection via a CSRF token? Example: Alice is logged in (using a cookie) with her browser to https://example.com. I assume that she uses a modern browser. Alice visits https://evil.example, and evil.example's client-side

How to store a password as securely in Chrome Extension?

I'm writing a Chrome extension right now which autofills credentials similar to Chrome's autofill (for cases in which Chrome's autofill fails). Is there a secure way to store the username/password in localStorage (all client-side)? If I encrypt the password, won't the key be locally stored as well, effectively making the encryption useless? Effectively, I want the user's credentials to be as

What makes an input vulnerable to XSS?

I've been reading about XSS and I made a simple form with a text and submit input, but when I execute <script>alert();</script> on it, nothing happens; the server gets that string and that's all. What do I have to do to make it vulnerable? (Then I'll learn what I shouldn't do, hehe.) Cheers. Answer: Indeed, just let the server output
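
The step the answer points at, as an added example that is not part of the original question or answer: the form only becomes vulnerable when the server reflects the submitted string into HTML without escaping. It assumes a hypothetical field named `msg` and shows the vulnerable rendering beside the escaped one, plus the attribute context where quoting matters.

```javascript
// Added example (not from the post): reflecting a submitted field into HTML.
// Assumption: the handler echoes the form field "msg" back into the page.

// Vulnerable: the submitted text is concatenated straight into the markup,
// so <script>alert();</script> arrives in the browser as a live script tag.
function renderVulnerable(msg) {
  return `<p>You said: ${msg}</p>`;
}

// Hardened: escape the five characters that matter in HTML text and
// quoted-attribute contexts before interpolating.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderEscaped(msg) {
  return `<p>You said: ${escapeHtml(msg)}</p>`;
}

// Attribute context: the value must be inside quotes AND escaped; an unquoted
// attribute would let a payload like `x onfocus=alert(1)` add a handler even
// with the escaping above.
function renderInAttribute(msg) {
  return `<input type="text" name="msg" value="${escapeHtml(msg)}">`;
}

// Constructed probe inputs (the one from the question, and an attribute breakout).
const scriptProbe = "<script>alert();</script>";
const attrProbe = '" onfocus="alert(1)';

module.exports = { renderVulnerable, renderEscaped, renderInAttribute, escapeHtml, scriptProbe, attrProbe };
```

Echoing the value with `renderVulnerable` is exactly what makes the test form exploitable; `renderEscaped` is the same page with the output encoded, which is the only change needed for the text context.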
