The browser happily downloads and executes any code a page requests, regardless of source. We trust that code, but we can't expect the browser to figure out on its own that code from is awesome, while code from probably isn't. For example, the Google +1 button at the bottom of this page loads and executes code from in the context of this page's origin. The issue exploited by XSS attacks is the browser's inability to distinguish between script that's part of your application and script that's been maliciously injected by a third party.

Two rules of thumb follow when deploying a policy: report policy violations to your server before enforcing them, and treat inline code and eval() as harmful.