All Questions
Tagged with secure-coding javascript
8 questions
2 votes, 1 answer, 235 views
What are the security considerations for coding a website with interactive scripts but no backend?
I am developing a simple grammar study website with Bootstrap 5, JQuery and Javascript. It will have interactive grammar quizzes and flashcards. I would like users to be able to type in answers to ...
0 votes, 0 answers, 169 views
Allowing users to add arbitrary JavaScript in published articles
It would be nice if sites like Medium or Substack allowed users to not only add text, images, code snippets, etc., but also custom scripts that allowed readers to run a little piece of code. For ...
43 votes, 3 answers, 34k views
Why is there no web client for Signal?
I’ve read about E2EE (end to end encryption) of Signal in web clients on a Signal Community discussion forum, and wonder why they say that the browser is insecure for E2EE and native apps are secure.
...
1 vote, 2 answers, 1k views
Regenerating CSRF token in AJAX requests
I would like to create a new token for each request and would like to use the following template-
<script>
var current_token=<?php echo $_SESSION['csrf_token']; ?>
$....
3 votes, 2 answers, 8k views
Common JavaScript Vulnerabilities
Can someone recommend a secure coding guideline for JavaScript?
Is there a set of common vulnerabilities that are closely related to the JavaScript programming language? What I am searching for are ...
1 vote, 1 answer, 537 views
What are the risks associated with a vulnerable javascript in a client context?
Background: it is not difficult to introduce vulnerabilities in backend/API code when not coding with security in mind. This typically leads to vulnerabilities such as XSS or various injections (or ...
1 vote, 2 answers, 182 views
What are the potential consequences of evaluating user input with client side JavaScript?
I have a website into which a user enters a line equation (such as y=2x+5) and it displays the equation to them.
Currently, to plot the equation I'm simply running eval() on the input string, like ...
-1 votes, 1 answer, 1k views
Can someone break my anti DOM-based XSS javascript function? [closed]
Can someone break my anti DOM-based XSS javascript function using window.location?
function parseparameters()
{
var href = window.location.href;
var id = href.indexOf('#');
...