javascript - Is there any XSS threat while having JSON encoded in the URL? -

javascript - Is there any XSS threat while having JSON encoded in the URL? -

In the context of a URL-friendly application I am saving it, there is a JSON in the URL, Is:

  http://mysite.dev/myapppage/target#?context= {22attr1% 22% 3A {% 22target_id- 0% 22% 3a {% 22value% 22% 3a% 223% 22% 2c% I am serializing my object like this:  : "" {{"value": "3", "label": "hello"} }}     JSON.stringify (context)   
 I am deserializing with it:  
  Var hashpairhead elements = window.location.toString (). Partition () '?'; HashParamsEl Ements.shift (); // We just leave the first part of the url var hash para = $ .deparam (hash paraellets.joined ('?')); Var reference string = hashprom.context; var reference = JSON.parse (ContextString);    The reference is stored only to read the variable, there is no evaluation code, can anyone tell me whether this XML is safe or not?  
 If there is a danger: how can I avoid it?   
 
  This type of threat is caused by various methods of JSON decoding, i.e.  eval  and < Code> New Function . These execute the JS code directly and therefore allow non-permanent XSS attacks by adding code to the URL (and adding it).  
  JSON.parse  This problem is not and is protected against these types of attacks.  
   

 


  

















Get link





Facebook





X





Pinterest





Email





Other Apps




Comments





Post a Comment







Popular Posts




apache - How to do an URL rewrite that works with a
pre-existing .htaccess file? -



    I have a platform that is currently available through the URL:    Www.websitecom / index.php? App = forum    Instead, I want people to be able to go here:      & lt; Ifmodule mod_rewrite.c & gt; Option - Multi Views RewriteEngine RewriteBase / RewriteCond on% {REQUEST_FILENAME}! -f Rewrite Convert% {REQUEST_FILENAME}! -d rewriteable /index.php [L] & lt; / IfModule & gt;    It seems that it should be possible, but I'm not sure how to do it.   Thank you!      This has not been tested, but something like that should be done. Add it before the first Rev.Directivity.    RewriteRule ^ forum $ /index.php?app=forums    Alternatively, you redirect from a 301 / forum to index.php URL .   By doing this:    301 / redirect the forum "http://www.website.com/index.php?app = forum    However, it seems that you want to make a proper rewrite, so the first option is better,     






c++ - Which is the fastest algorthm for selecting kth largest number in
an unsorted array containing non -unique elements? -



      संभव डुप्लिकेट:      तत्वों की संख्या 1 से 10 लाख तक भिन्न हो सकती है। इस उद्देश्य के लिए उपलब्ध सबसे तेज़ चयन एल्गोरिदम कौन सा है? कृपया ध्यान दें मुझे लगता है कि एवीएल पेड़ जैसी डेटा संरचनाएं सरणी तत्वों की दोहराव के कारण काम नहीं करेंगी?      ए हे (एन) समय में चला सकता है।   सरणी के माध्यम से एक पास बनाने का सबसे सामान्य तरीका है, अब तक के सबसे बड़े नंबरों को देखते हुए रखें। उस सूची के अंतिम तत्व लौटें @ चेसिया के रूप में  std :: nth_element  (दस्तावेज) इस दृष्टिकोण का उपयोग करने का सबसे तेज़ तरीका है।   यदि आपको हमेशा सबसे ऊपर का सबसे बड़ा आइटम (और डेटा कभी-कभी बदल जाता है), फिर डेटा को एक में संग्रहीत करने पर विचार करें। यह अधिक महंगा है, लेकिन आपको डेटा की "लाइव" संरचना देता है।    






android - How to build apk without eclipse or Modify the apk building
with a config file? -



    I want to create an APK with some big configurations with an XML file.  I want to know if there is any method which can control the APK's building process or encoding at our source, there is no way to create APK with our source from our source, with a slight variation based on our SQF XML file. . Or any other way to create an APK file    When the app is running, I do not want to read my config file every time, I have to include a change in the application        If you want to manually create your application:    If you are developing in Eclipse, then the ADT plugin The enhanced project as you make changes to the source code. Eclipse automatically produces an .apk file in the project's bin folder, so you do not need to do anything extra to generate .apk.   If you are developing in a non-eclipse environment, then you create your project with the Generated Build.xml Ant file in the project directory that creates ant file calls which automatically targets you for Call the buil...








Powered by Blogger