Javascript Security

A little code snippet a colleague of mine stumbled across.

Go to any site, then in the address line of your browser for that site, replace the entire URL with the code below.

Watch as you can now edit any content on the page. The changes exist only in your own browser's copy of the DOM, and that is exactly the point: anything the client displays or submits can be altered by the user, so server side request validation and/or anti-XSS techniques and libraries are crucial in all coding practices.

As additional security measures, check HTTP headers and validate all POST and GET data on the server as well, to prevent these kinds of attacks.

javascript: document.body.contentEditable = 'true'; document.designMode = 'on'; void 0
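The bookmarklet above only changes what the visitor sees locally, so the defence belongs on the server: treat every submitted value as untrusted, validate it against what the application actually permits, and HTML-encode it before it is echoed into a page. The following is an added example written for this post, not code from the original article; it runs under Node.js with no framework, and the field names (displayName, role), the allow-list of roles and the sample requests are all constructed for illustration.

```javascript
// Added example (not from the original post): server-side handling of form
// fields that a visitor could have altered client-side, for instance by
// turning on designMode as the bookmarklet above does. Two defences are shown:
//   1) validate the incoming values against an allow-list before using them,
//   2) HTML-encode anything echoed back into a page so it cannot become XSS.
// Field names, roles and sample requests are constructed for this example.

const ALLOWED_ROLES = new Set(['viewer', 'editor']);

// Encode the five characters that break out of HTML text/attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Validate the parameters of a (constructed) profile-update request.
// Returns { ok: true, data } or { ok: false, errors }. Nothing here relies on
// what the client-side form allowed; the server decides what is acceptable.
function validateProfileUpdate(params) {
  const errors = [];
  const displayName =
    typeof params.displayName === 'string' ? params.displayName.trim() : '';
  if (displayName.length < 1 || displayName.length > 40) {
    errors.push('displayName must be 1-40 characters');
  }
  // A client can submit any role string; only allow-listed values are accepted.
  if (!ALLOWED_ROLES.has(params.role)) {
    errors.push('role is not permitted');
  }
  if (errors.length > 0) {
    return { ok: false, errors };
  }
  return { ok: true, data: { displayName, role: params.role } };
}

// Render the greeting the way the server should: only after validation, and
// with the untrusted display name encoded into the HTML.
function renderGreeting(params) {
  const result = validateProfileUpdate(params);
  if (!result.ok) {
    return `<p class="error">${escapeHtml(result.errors.join('; '))}</p>`;
  }
  return `<p>Hello, ${escapeHtml(result.data.displayName)} (${result.data.role})</p>`;
}

// Constructed sample requests: one honest, one with client-altered fields.
const honestRequest = { displayName: 'Ronnie', role: 'viewer' };
const tamperedRequest = { displayName: '<script>evil()</script>', role: 'admin' };

console.log(renderGreeting(honestRequest));
console.log(renderGreeting(tamperedRequest));

module.exports = { escapeHtml, validateProfileUpdate, renderGreeting };
```

The tampered request is rejected because the role is not on the server's allow-list, and even a display name that passes the length check is rendered as inert text rather than markup. Neither check depends on anything the browser did or did not permit, which is what "never trust the client" means in practice.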

About Ronnie Diaz

Ronnie Diaz is an enterprise software engineer responsible for front-end and back-end development for companies in many industries. Heavily involved in cloud development, online retail, e-commerce and electronic ordering, fulfillment and customer relational systems.

Posted on July 1, 2010, in Programming & Development, Security & Cryptography.
