8 Matching Annotations
  1. Dec 2020
  2. github.com github.com
    Rich-Harris/devalue
    2
    1. TylerRick 16 Dec 2020
      ${JSON.stringify(state)}
      interpolating without escaping (using raw unescaped value) avoid doing (bad ideas) security security: cross-site scripting (XSS) vulnerability
    2. TylerRick 16 Dec 2020
      XSS mitigation
      security: cross-site scripting (XSS) vulnerability
    Visit annotations in context

    Tags

    Annotators

    URL

    github.com/Rich-Harris/devalue
  3. Oct 2020
  4. helpx.adobe.com helpx.adobe.com
    Canonicalize
    1
    1. TylerRick 01 Oct 2020
      security: cross-site scripting (XSS) vulnerability
    Visit annotations in context

    Tags

    Annotators

    URL

    helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-c-d/Canonicalize.html
  5. May 2020
  6. www.facebook.com www.facebook.com
    What is a Self-XSS scam on Facebook? | Facebook Help Center | Facebook
    1
    1. TylerRick 28 May 2020
      scam security: cross-site request forgery security: cross-site scripting (XSS) vulnerability
    Visit annotations in context

    Tags

    Annotators

    URL

    facebook.com/help/246962205475854
  7. Nov 2018
  8. zh.wikipedia.org zh.wikipedia.org
    跨站请求伪造 - 维基百科,自由的百科全书
    1
    1. catcuts 21 Nov 2018
      跟跨网站脚本(XSS)相比,XSS 利用的是用户对指定网站的信任,CSRF 利用的是网站对用户网页浏览器的信任。

      XSS 是对客户端的攻击

      CSRF 是对服务端的攻击

      xss csrf
    Visit annotations in context

    Tags

    Annotators

    URL

    zh.wikipedia.org/wiki/跨站请求伪造
  9. Oct 2018
  10. dzone.com dzone.com
    Using the SameSite Cookie Attribute to Prevent CSRF Attacks - DZone Security
    1
    1. kael 26 Oct 2018
      xss http security
    Visit annotations in context

    Tags

    Annotators

    URL

    dzone.com/articles/using-the-same-site-cookie-attribute-to-prevent-cs
  11. scotthelme.co.uk scotthelme.co.uk
    Cross-Site Request Forgery is dead!
    1
    1. kael 26 Oct 2018
      xss security http
    Visit annotations in context

    Tags

    Annotators

    URL

    scotthelme.co.uk/csrf-is-dead/
  12. Sep 2018
  13. github.com github.com
    cure53/DOMPurify
    1
    1. kael 21 Sep 2018
      DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
      dompurify json-ld dom security xss
    Visit annotations in context

    Tags

    Annotators

    URL

    github.com/cure53/DOMPurify