9 Matching Annotations
  1. Feb 2021
  2. stackoverflow.com stackoverflow.com
    Why are iframes considered dangerous and a security risk?
    1
    1. TylerRick 03 Feb 2021
      IFRAME element may be a security risk if any page on your site contains an XSS vulnerability which can be exploited
      security: cross-site scripting (XSS) vulnerability web: iframes
    Visit annotations in context

    Tags

    Annotators

    URL

    stackoverflow.com/questions/7289139/why-are-iframes-considered-dangerous-and-a-security-risk
  3. Dec 2020
  4. github.com github.com
    Rich-Harris/devalue
    2
    1. TylerRick 16 Dec 2020
      ${JSON.stringify(state)}
      interpolating without escaping (using raw unescaped value) avoid doing (bad ideas) security security: cross-site scripting (XSS) vulnerability
    2. TylerRick 16 Dec 2020
      XSS mitigation
      security: cross-site scripting (XSS) vulnerability
    Visit annotations in context

    Tags

    Annotators

    URL

    github.com/Rich-Harris/devalue
  5. Oct 2020
  6. helpx.adobe.com helpx.adobe.com
    Canonicalize
    1
    1. TylerRick 01 Oct 2020
      security: cross-site scripting (XSS) vulnerability
    Visit annotations in context

    Tags

    Annotators

    URL

    helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-c-d/Canonicalize.html
  7. May 2020
  8. www.facebook.com www.facebook.com
    What is a Self-XSS scam on Facebook? | Facebook Help Center | Facebook
    1
    1. TylerRick 28 May 2020
      scam security: cross-site request forgery security: cross-site scripting (XSS) vulnerability
    Visit annotations in context

    Tags

    Annotators

    URL

    facebook.com/help/246962205475854
  9. Nov 2018
  10. zh.wikipedia.org zh.wikipedia.org
    跨站请求伪造 - 维基百科,自由的百科全书
    1
    1. catcuts 21 Nov 2018
      跟跨网站脚本(XSS)相比,XSS 利用的是用户对指定网站的信任,CSRF 利用的是网站对用户网页浏览器的信任。

      XSS 是对客户端的攻击

      CSRF 是对服务端的攻击

      xss csrf
    Visit annotations in context

    Tags

    Annotators

    URL

    zh.wikipedia.org/wiki/跨站请求伪造
  11. Oct 2018
  12. dzone.com dzone.com
    Using the SameSite Cookie Attribute to Prevent CSRF Attacks - DZone Security
    1
    1. kael 26 Oct 2018
      xss http security
    Visit annotations in context

    Tags

    Annotators

    URL

    dzone.com/articles/using-the-same-site-cookie-attribute-to-prevent-cs
  13. scotthelme.co.uk scotthelme.co.uk
    Cross-Site Request Forgery is dead!
    1
    1. kael 26 Oct 2018
      xss security http
    Visit annotations in context

    Tags

    Annotators

    URL

    scotthelme.co.uk/csrf-is-dead/
  14. Sep 2018
  15. github.com github.com
    cure53/DOMPurify
    1
    1. kael 21 Sep 2018
      DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
      dompurify json-ld dom security xss
    Visit annotations in context

    Tags

    Annotators

    URL

    github.com/cure53/DOMPurify