Reading this XSS cheat sheet, I noticed a special usage I have never seen: What does “=_=” mean? It’s below the sentence “On Mouse Over”. Answer It’s just an attribute on the element. It doesn’t have any meaning by itself, so it may be present simply as a red herring. Prettified, the code is: In HTML, = in an attribute
Tag: xss
Are there different types of HTML closing tags
Recently I came across this type of tag in an HTML: This data was fetched from the server as a JSON and then written into the HTML view. The …
Key Management: Hardcoded Encryption Key for chart.js
I am facing an issue related to “Key Management: Hardcoded Encryption Key” for the chart.js API. We are using Fortify scanning for security purposes. How to avoid the ‘Hardcoded Encryption Key’? After scanning, we found the line of code that is hardcoded in chart.js. Is there any way to resolve this issue? Answer After analysing the chart.js code file, we have found there
Can someone explain to me how jjencode works and if it is good to use it in my code
Can someone explain to me how http://utf-8.jp/public/jjencode.html works and if it is good to use it in my code? The first time I tried it I thought that I needed to have some kind of algorithm in my code …
How do you use window.postMessage across domains?
It seems like the point of window.postMessage is to allow safe communication between windows/frames hosted on different domains, but it doesn’t actually seem to allow that in Chrome. Here’s the scenario: Embed an <iframe> (with a src on domain B*) in a page on domain A The <iframe> ends up being mostly a <script> tag, at the end of which’s
What makes an input vulnerable to XSS?
I’ve been reading about XSS and I made a simple form with a text and submit input, but when I execute on it, nothing happens, the server gets that string and that’…