javascript - Could this be considered a security vulnerability? -


i discovered javascript in site didn't sanitize external data (sitename), it's used in such way think not represent problem. certainly, best thing filter expected values interact code , there no worry unexpected input. but, how damage inflicted in current setup?

var branding = {     'website1.com' : {         color: 'red'     },     'website2.com' : {         color: 'blue'     } };  var sitename = document.referrer.split('/')[2];  var myelements = document.queryselectorall(".some-class-name");  (var = 0; < myelements.length; i++) {     myelements[i].style.color = branding[sitename]['color']; }

this code poorly conceived, don't think it's exploitable.

  • document.referrer.split('/')[2] extracts hostname of referrer. attacker might have control on hostname, limited degree; can't put field can't register or set domain name.

  • branding[sitename] made interesting things if sitename name of internal property on object, __proto__, or method name, hasownproperty. however, none of these properties have been valid internet hostnames, none of them have periods in them. __proto__ contains underscores, aren't valid in hostnames!

  • if sitename not constrained, following ['color'] still limits code. functions (like hasownproperty) wouldn't have color property; nor object prototype, looks dead end.

  • even if assume weird value function somehow got result, assigning value .style.color wouldn't weird.

the potential vulnerability avoided, though:

var sitename = document.referrer.split('/')[2];  if (branding.hasownproperty(sitename)) {     ... else ... }

object.hasownproperty false method names , "weird" properties __proto__; it's true properties have been explicitly declared on object. limit following code running intended site names.


Comments

Post a Comment

Popular posts from this blog

'hasOwnProperty' in javascript -

i use obj.hasownproperty judge whether object has property, when replaced obj[prop] !== undefined , not normal implementation, ask, why behind method can not use it? object.hasownproperty(prop); object[prop] !== undefined; obj[prop] !== undefined wrong 2 reasons: you can explicitly set property undefined , obj[prop] = undefined; . obj.hasownproperty(prop) return true in case. obj[prop] follow prototype chain, return property that's inherited. obj.hasownproperty(prop) returns true if property exists directly in object, returns false inherited properties.
Read more

How to put a lock and transaction on table using spring 4 or above using jdbcTemplate and annotations like @Transactional? -

i trying put lock on table while writing on table , if happened in between roll-back . trying convert below code lock table test_g1 read; lock table test_g write; -- begin; start transaction; insert test_g1 values(143); insert test_g values(145); select * test_g1; select * test_g; rollback; select * test_g; unlock tables; how convert above code @transactional spring jdbctemplate code? @transactional(rollbackfor={dataaccessexception.class}) public void test(){ jdbctemplate.execute("insert test1 (id, nam) values (4, 'a')"); throw new dataaccessexception("error") { }; } here trying throw error, insert statement should rollback it's not happening . thanks edit-1 attaching code , doing in jdbcdaoimpl.java , mentioned problem comment above test() . app.java package com.cgiri.javabrains.spring4; import org.springframework.beans.factory.annotation.autowired; import org.springframework.context.applic...
Read more

c# - Update a combobox from a presenter (MVP) -

i using mvp in project, new in mvp. have 2 comboboxes. when select option in combobox, combobox should filled new data. this action in presenter. view 'view1' in presenter, , introduced combobox1 , combobox2 properties in 'view1', because need 'datasource', 'displaymember', 'valuemember' , 'refresh()' in method below. but, when using pattern, enough send property like public string combobox2 { { return combobox1.selectedvalue.tosstring(); } } into presenter not whole combobox. how can solve problem? public void onselectedindexchangedcombobox1() { if (view1.combobox1.selectedindex == -1) { return; } datatable dt = tools.getdatatable("a path"); var query = (from o in dt.asenumerable() o.field<string>("afield") == farmerview.combobox1.selectedvalue.tostring() orderby o.field<string>("anotherfield") select...
Read more