Javascript

Injection

Eval

Javascript Injection at it's Finest!, without even using Eval()!

M@dHatter

Rate me:

Please Sign up or sign in to vote.

5.00/5 (2 votes)

15 May 2011CPOL 11.7K   2   1

They need to make javascript only execute in scoped containers within the browser. Don't ask me how, I'm sure the browser companies can make some kinda sandbox element.

They need to make javascript only execute in scoped containers within the browser. Don't ask me how, I'm sure the browser companies can make some kinda sandbox element.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

M@dHatter

Software Developer (Senior) Codevendor

 United States

Please visit my personal website https://codevendor.com for my latest codes and updates.

Comments and Discussions

First Prev Next

I disagree. JavaScript is MADE to extend via the prototype i... Tatsh16-May-11 5:32 Tatsh 16-May-11 5:32  I disagree. JavaScript is MADE to extend via the prototype in each object (although you should not expect this to work on every client, especially IE/JScript). We have a ways to go in terms of security but verifying JSONP requests and CORS are where we are headed (CORS is possible since IE 8 with the XDomainRequest object, on other browsers XHR Level 2). What are we concerned about here? JavaScript injection has always been possible. You have to be very careful what people POST and GET via HTTP in general, not just Ajax requests. Never trust any input from the client side, ever. It must be scraped, cleaned, sanitised, whatever you must do to ensure it is not an attack attempt.

Last Visit: 31-Dec-99 18:00     Last Update: 10-May-24 1:20 Refresh 1

General    News    Suggestion    Question    Bug    Answer    Joke    Praise    Rant    Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.