xss

.setinterval and XSS

懵懂的女人 submitted on 2020-07-18 17:12:04
Question: In the OWASP XSS prevention cheat sheet it says that untrusted data cannot be safely put inside the .setinterval JS function. Even if escaped/encoded, XSS is still possible. But if I have something like this: setInterval(function(){ alert('<%=UNTRUSTED_DATA%>'); }, 3000); And if I JS encode "UNTRUSTED_DATA", how would XSS be possible? Answer 1: There is an overload of setInterval that accepts a string of code instead of a function, which is basically exec on an interval. I believe that is what the

How to safely run user-supplied Javascript code inside the browser?

回眸只為那壹抹淺笑 submitted on 2020-07-17 05:42:03
Question: Imagine a scenario where I want to continuously invoke user-supplied Javascript code, like in the following example, where getUserResult is a function that some user (not myself) has written: for (var i = 0; i < N; ++i) { var x = getUserResult(currentState); updateState(currentState, x); } How can I execute that kind of code in a browser and/or Node.js, without any security risks? More generally, how can I execute a Javascript function that is not allowed to modify or even read the current

How to safely run user-supplied Javascript code inside the browser?

六月ゝ 毕业季﹏ submitted on 2020-07-17 05:41:07
Question: Imagine a scenario where I want to continuously invoke user-supplied Javascript code, like in the following example, where getUserResult is a function that some user (not myself) has written: for (var i = 0; i < N; ++i) { var x = getUserResult(currentState); updateState(currentState, x); } How can I execute that kind of code in a browser and/or Node.js, without any security risks? More generally, how can I execute a Javascript function that is not allowed to modify or even read the current

What is the difference between stored xss and reflected xss?

本秂侑毒 submitted on 2020-07-08 11:58:26
Question: I was not able to understand what the difference between stored xss and reflected xss is. Can you tell me with an example? Answer 1: Stored XSS means that some persistent data (typically stored in a database) are not sanitized in a page, which implies that everyone can be affected by the vulnerability. For example, imagine a forum where users' answers posted are not escaped. If someone posts a topic with some HTML on it, everyone that goes to the topic page will be affected! The risks can generally

What is the difference between stored xss and reflected xss?

青春壹個敷衍的年華 submitted on 2020-07-08 11:57:33
Question: I was not able to understand what the difference between stored xss and reflected xss is. Can you tell me with an example? Answer 1: Stored XSS means that some persistent data (typically stored in a database) are not sanitized in a page, which implies that everyone can be affected by the vulnerability. For example, imagine a forum where users' answers posted are not escaped. If someone posts a topic with some HTML on it, everyone that goes to the topic page will be affected! The risks can generally

Spring Boot escape characters at Request Body for XSS protection

雨燕双飞 submitted on 2020-06-28 06:19:20
Question: I'm trying to secure my spring boot application using an XSSFilter like this: public class XSSFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { chain.doFilter(new XSSRequestWrapper((HttpServletRequest) request), response); } } And the wrapper: public class

ERR_BLOCKED_BY_XSS_AUDITOR when downloading file using selenium

痞子三分冷 submitted on 2020-06-28 05:05:08
Question: I'm trying to download a file using selenium by simulating a click on a download button, but Chrome reports ERR_BLOCKED_BY_XSS_AUDITOR. If I use the "--disable-xss-auditor" argument to bypass, the page would be reloaded and nothing gets downloaded. What seems strange to me is that when I actually download the file with my mouse in a Chrome session that's even controlled by selenium, the file downloads well. Please help me understand what xss auditor does? Why can't I download the file with

ERR_BLOCKED_BY_XSS_AUDITOR when downloading file using selenium

随声附和 submitted on 2020-06-28 05:05:06
Question: I'm trying to download a file using selenium by simulating a click on a download button, but Chrome reports ERR_BLOCKED_BY_XSS_AUDITOR. If I use the "--disable-xss-auditor" argument to bypass, the page would be reloaded and nothing gets downloaded. What seems strange to me is that when I actually download the file with my mouse in a Chrome session that's even controlled by selenium, the file downloads well. Please help me understand what xss auditor does? Why can't I download the file with

Request.PathInfo issues and XSS attacks

旧街凉风 submitted on 2020-06-27 12:16:48
Question: I have a couple of websites running on .NET 3.5 still due to an API restriction. We will eventually move these sites to the latest .NET version this year. One of the penetration tests indicated a possible XSS vulnerability. The URL in question is: Location: http://www.foobar.com/basket.aspx/scripts/searchresults.aspx Method: GET Vulnerable Parameter: name of an arbitrarily supplied URL parameter Basically, anything after basket.aspx like scripts/searchresults.aspx will cause the issue. From

Does Vue, by default, provide security for or protects against XSS?

[亡魂溺海] submitted on 2020-06-24 22:23:33
Question: I am trying to figure out how to protect Angular, Vue, and React against XSS attacks. When I visit the Angular official docs, https://angular.io/guide/security, it says: To systematically block XSS bugs, Angular treats all values as untrusted by default. When a value is inserted into the DOM from a template, via property, attribute, style, class binding, or interpolation, Angular sanitizes and escapes untrusted values. and also: Angular sanitizes untrusted values for HTML, styles, and URLs;