jQuery is a JavaScript library used for DOM manipulation.
Questions tagged [jquery]
38 questions
0
votes
1 answer
How to prevent XSS attack on selected window.location in javascript
This is my code where i have a userId in a method SwitchUser_Click. I need to prevent or somehow encode the return value from the switchUser_Click as it includes the UserId of a user vulnerable to XSS attack or redirects.
function…
user3920526
- 101
- 1
- 2
0
votes
0 answers
DOM XSS via JQuery function init()
Burp reported potential DOM XSS. Data is read from location and passed to the 'init()' function of JQuery via:
var table = location['table'] || location['sysparm_table'];
snPresence.init(table, sys_id, query);
URL looks as…
Roman Nenko
- 1
- 2
0
votes
0 answers
Is this code vulnerable to DOM based XSS? jquery wrap()
Data is read from window.location and passed to the wrap() function of function of jQuery via the following statement:
t.Location.wrap(window.location)
The version of jQuery in use is the 1.12.1 - Is this code vulnerable to DOM based XSS?
John Flow
- 1
- 1
0
votes
1 answer
Is this code vulnerable to dom based XSS?
Is this code vulnerable to DOM based XSS?
The application is using jQuery 3.3.1 and i noticed that Data is read from
window.location.hash and passed to $() via the following statements:
var hash = window.location.hash.substring(1);
var elem =…
Jamyzed
- 11
- 2
0
votes
2 answers
Adding Escaped HTML to DOM
I am learning about XSS and am in the process of trying to understand why escaped HTML added to the DOM is triggering XSS vulnerability.
The application will draw a modal overlay for a form (bootstrap) and add in HTML (both escaped and unescaped) to…
Gerad Bottorff
- 3
- 3
0
votes
2 answers
Is it secure to get auth TOKEN from server with javascript?
Is it secure to manipulate with auth token inside client side javascript over https ?
I want to pass that token to websocket after login.
$.getJSON(
$SCRIPT_ROOT + '/jscript_get_auth_token',
{},
function(data)
{
// Extract token from data then…
se7en
- 1
-4
votes
1 answer
I want to hide my youtube embeded code from my source code
I have iframe in my website i want it to be encrypted so that user can't understand the link and when user try to paste on browser it should show the video