Tag: xss

What does =_= mean in JavaScript or HTML?

Reading this XSS cheat sheet, I noticed a special usage I have never seen: What does “=_=” mean? It’s below the sentence “On Mouse Over”. Answer: It’s just an attribute on the element. It doesn’t have any meaning by itself, so it may be present simply as a red herring. Prettified, the code is: In HTML, = in an attribute

Key Management: Hardcoded Encryption Key for chart.js

I am facing an issue related to “Key Management: Hardcoded Encryption Key” for the chart.js API. We are using Fortify scanning for security purposes. How can we avoid the ‘Hardcoded Encryption Key’ finding? After scanning, we found the line of code that is hardcoded in chart.js. Is there any way to resolve this issue? Answer: After analysing the chart.js code file, we have found there

How do you use window.postMessage across domains?

It seems like the point of window.postMessage is to allow safe communication between windows/frames hosted on different domains, but it doesn’t actually seem to allow that in Chrome. Here’s the scenario: Embed an <iframe> (with a src on domain B*) in a page on domain A. The <iframe> ends up being mostly a <script> tag, at the end of which’s