Home » Tutorials » Javascript Programming » JavaScript Hijacking
JavaScript Hijacking
983
Category : Tutorials » Javascript Programming
. allows an unauthorized party to read sensitive data contained in JavaScript. messages. . use JavaScript as a data transport mechanism. .
Download File Free PDF eBooks Download Tutorials Javascript Programming
Content Summary :
An increasing number of rich Web applications, often called AJAX applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read sensitive data contained in JavaScript messages. The attack works by using a tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed the 12 most popular AJAX frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET AJAX (a.k.a. Atlas), XAJAX and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation.
Favorite Javascript Programming PDF File
4765
Acrobat JavaScript Scripting Guide
category Tutorials » Javascript Programming
25. What Can You Do with Acrobat JavaScript . 35. Using a JavaScript Editor. . 44. Using the Acrobat JavaScript Debugger. .
1920
Hijacking JavaScript
category Tutorials » Javascript Programming
. allows an unauthorized party to read confidential data contained in JavaScript. messages. . use JavaScript as a data transport mechanism. .
3578
Javascript
category Tutorials » Javascript Programming
Netprog JavaScript. 2. Smart Browsers. acirc euro cent Most browsers support a tag . Netprog JavaScript. 12. Objects. Objects have attributes and methods. .
2981
JavaScript Scripting
category Tutorials » Javascript Programming
JavaScript. What is not possible with JavaScript . A JavaScript program can appear. In a file by itself typically named with the extension .js .
1434
JavaScript 2 0 Evolving A Language For Evolving Systems
category Tutorials » Javascript Programming
JavaScript is a very widely used language and evolving it presented . JavaScript as a language has computational. facilities only acirc euro rdquo there are no input output .
