Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Protection from Self-XSS

A
amarantha last edited by

Are there any protective algorithms from this attack?
Reply Quote 0
1 Reply Last reply
O
obi last edited by

Self-XSS - One of the types of social engineering in which the victim ' s words seek that he/she performs the harmful javascript code by copying it to the target line or the console of the developer.
Fighting can only be done through user training. Like:
Dear users!
Please don't believe personal reports that lead to the death of your beloved actor, if you don't copy the code immediately, and you won't press in.
There's no other way. It's psychology, technically, it's not gonna help.
Reply Quote 0
1 Reply Last reply

2
Posts

0
Views

Suggested Topics

Z

Protection of the annex
Software Programming • c sharp protective • • zymir

2

0
Votes

2
Posts

0
Views

C

Logic is right!The main function of the programme should be on the server and the user ' s client(s).You can use this approach to protect your applications. C#Use a boiler bundle by example: Confuser♪ Babel And so forth. Net.Reactor It doesn't make sense to use it.There are libraries like: mono.cecil and dnlib.dll There's a lot of information on them.
O

How do you count the number of elements inside div?
Software Programming • javascript • • Oba22

2

0
Votes

2
Posts

0
Views

T

For any number of blocks:document.querySelectorAll('.ads').forEach(el => { el.classList.add(`gridTemplateColumns${el.querySelectorAll('.ads__part').length}`); console.log(el.outerHTML); });<div class="ads"> <div class="ads__part"></div> </div> <div class="ads"> <div class="ads__part"></div> <div class="ads__part"></div> <div class="ads__part"></div> <div class="ads__part"></div> </div> <div class="ads"> <div class="ads__part"></div> <div class="ads__part"></div> </div>
A

Searching duplicate elements in JS collections
Software Programming • javascript filter collection lodash • • amarantha

2

0
Votes

2
Posts

0
Views

E

const res = _.chain(collections) .groupBy('level') // группируем по level .values() // берем только массивы соответствующие level .filter(arrs => _.size(arrs) > 1) // берем те массивы, в которых элементов больше 1 (не уникальные) .flatten() // выпрямляем массив .value();
When should you use self in a Model in Rails?
Software Programming • ruby on rails ruby • • Demir

2

0
Votes

2
Posts

0
Views

A

When you do rotting = true, what you're doing is declaring a local variable that works within the method make_rotting and will disappear when the execution of the method ends.Now, when you call self.rotting = true, you're asking to modify the attribute rotting of your current instance zombieThat's how it should be done.In general, in a model instance method, you should use self when you modify attributes or when there is any ambiguity between calling a local variable and an already defined attribute/method, for example: def make_rotting(age) if (age || self.age) > 20 self.rotting = true end end The first call to age refers to the local variable that comes as a parameter of the method, while the second (self.age) refers to the attribute, without necessarily changing this attribute.As to why it's the same to call age or self.age If the case is just reading an attribute, it is by the order in which ruby tries to resolve the call to age:First review in the field make_rotting if there is any variable age defined.In case you do not find him, you will search in the field of the instance of zombie Yeah. ageIt's defined.In case of use self.age, you are explicitly indicating that you seek the definition at the instance of zombie.
A

A self-extensive, self-extensive body as a non-exhaustive virtual memory
Software Programming • algorithm c+++ • • Amritpal

2

0
Votes

2
Posts

0
Views

R

Under WinApi, just put everything in a temporary file. FILE_ATTRIBUTE_TEMPORARYThen, without closing the file, display the parts that need to be read. Everyone!Vinda (at least 7) has a disklash, which clashes frequently or recently read pieces of files at the OES. I mean, doing exactly what you want to do. Flag FILE_ATTRIBUTE_TEMPORARY Says the file system that you want to create what's in character, a temporary file, and that's why you need a block of this file to be held in the cash. If there's enough memory under the cash, of course.I do not recommend that OES be used. No WinApi swap is available, this is an automatic system-wide process. In other words, the swap begins when memory is missing, that is when the whole system is already sitting. And the removal of 10 GBs can easily lead to this.
S

Class protected and public
Software Programming • c sharp objec languaget orientati • • simrah

2

0
Votes

2
Posts

0
Views

A "top-level" class (defined directly in the namespace) cannot be protected - it's a compilation error. You can only define classes protected if they are defined within other classes (as in this class). What the modifier does is that only the class itself within which its Nested class is defined, or your subclasses, can access your protected class.For example:protected class A { } // não compila - erro public class B { protected class C { } private void Metodo1() { // Funciona var c = new C(); Console.WriteLine(c); } } public class D { private void Metodo2() { var c = new C(); // não compila - erro Console.WriteLine(c); } } public class E : B { private void Metodo3() { // Funciona var c = new B.C(); Console.WriteLine(c); } }
How do we get to the intended properties of the facility in the cycle?
Software Programming • javascript objects • • inna

2

0
Votes

2
Posts

0
Views

G

The properties can be addressed through brackets. top_obj['nest_obj1'] We can then give the brackets the variable. And the key in the cycle is the object's key, not the object that's injected, so we need to. top_obj[key]
D

How does csrf-protection work on CodeIgniter?
Software Programming • ajax mvc codeigniter csrf token • • Duquan

2

0
Votes

2
Posts

0
Views

1. Is csrf protection used only for requests in forms?No. Self https://www.codeigniter.com/user_guide/general/security.html?highlight=csrf#csrf-protection says it serves for every request that is not a GET-HTTP:CodeIgniter provides CSRF protection out of the box, which will get automatically triggered for every non-GET HTTP request, but also needs you to create your submit forms in a certain way. This is explained in the Security Library documentation.Basically: affects all requests $POST, and also applies to FORMS that they use $POST. When you activate the use of Cross-site request forgery (CSRF) in configuration of CodeIgniter ( https://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf ), it is recommended that you build your FORMS using https://www.codeigniter.com/user_guide/helpers/form_helper.html#form_open , pq this will create a kind field hidden hidden that will recover this hash automatically to vc every time FORM is reloaded (tb gives to create this field manually in each FORM).2. How does it work for requests without submission of forms?First you need to set the basic settings in your application/config/config.php. I did something like this:$config['csrf_protection'] = TRUE; $config['csrf_token_name'] = 'ci_adminlte_csrf'; $config['csrf_cookie_name'] = 'csrf'; $config['csrf_expire'] = 7200; $config['csrf_regenerate'] = TRUE; $config['csrf_exclude_uris'] = array( 'controllerName/methodName' ); See the variable $config['csrf_token_name']? This will be the name of the variable in the system, that is, ci_adminlte_csrf. Knowing this, also know something else: the CodeIgniter has 2 native methods to recover the name and value of this token/hash: get_csrf_token_name() and get_csrf_hash() ( https://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf If you use the form helper, then form_open() will automatically insert a hidden csrf field in your forms. If not, then you can use get_csrf_token_name() and get_csrf_hash()That is, to recover the name: $name = $this->security->get_csrf_token_name(), and to recover the current value: $hash = $this->security->get_csrf_hash(). The secret of requests without FORM: You have to load the current value of hash to the browser. PHP happens in backend, then, every time the value of hash is updated, the browser does not know unless you tell it. I use a variable JavaScript that recovers the current value for me. To get the current value in PHP, use one method in any controller:/** * Recupera o hash CSRF * @return string Valor do hash armazenado na memória */ function get_csrf_hash(){ echo $this->security->get_csrf_hash(); } Using the code: echo $ci->security->get_csrf_token_name()."='".$ci->security->get_csrf_hash()."';\n";. you can create something like this: ci_adminlte_csrf='909a7d6f8450a7a0d13db960184d050b';. I put it in one helper and I did it here: <script type='text/javascript'> ci_adminlte_csrf='909a7d6f8450a7a0d13db960184d050b'; function get_csrf_hash(){ $.get("controller/get_csrf_hash", function (resp) { ci_adminlte_csrf = resp; $("input[name*='ci_adminlte_csrf']").val(resp); } ); } </script> Each request without FORM call function JavaScript get_csrf_hash() to reload both the value of the variable and the input name ci_adminlte_csrf.Note: O config.php of the application has the variables $config['cookie_prefix'] and $config['csrf_cookie_name'] that serve to create a cookie that instantiates the value of token/hash csrf. So if you need it, you can just do it JavaScript recover the value of this cookie that is already automatically recorded by the application. Browse the list of browser cookies.3. What part of the request is lodged hash-protection token?It depends. No requests with FORM has a field hidden hidden that carries the value of hash. If you are not building FORMS with https://www.codeigniter.com/user_guide/helpers/form_helper.html#form_open will need to create this field within FORM, and function JavaScript get_csrf_hash() It'll help you. In requisitions without FORM this is described in the answer to question 2, above. Read carefully that vc will understand where it is stored and how to recover name and value from token/hash, and function JavaScript get_csrf_hash() It'll help you again.That's it.
G

What does this expression mean?
Software Programming • javascript php • • gionna

2

0
Votes

2
Posts

0
Views

A

Simplified answerThis is an abbreviated form of:$b = $b * 200; in the same way there are abbreviations for sum, division and multiplication$b = $b - 200; $b -= 200; $b = $b + 200; $b += 200; $b = $b / 200; $b /= 200; More detailed answerThis is a Operador Combinado where a simple assignment is combined (passing the value of one variable to another) with an arithmetic operation with the variable that will store the attribution (the result).
Changes in line colour in HTML table
Software Programming • javascript html • • Bogopo

2

0
Votes

2
Posts

0
Views

You don't have an el-ta. id=tr, instead the already created variable should be used wiersz That's exactly what it contains.In sum, you just need to replace the line.document.getElementById('tr').className = "RodzinaZielony"; ♪wiersz.classList.add("RodzinaZielony"); // wiersz.className = "RodzinaZielony"; and linedocument.getElementById('tr').className = "PracaOrange"; ♪wiersz.classList.add("PracaOrange"); // wiersz.className = "PracaOrange"; document.getElementById("myBtn").addEventListener('click', dodajWiersz); var lp = 1; function dodajWiersz() { var wiersz = document.createElement("tr"); var liczba = document.createElement("td"); liczba.innerHTML = lp; var imie = document.createElement("td"); var val2 = document.getElementById("imie").value; imie.innerHTML = val2; var nazwisko = document.createElement("td"); var val3 = document.getElementById("nazwisko").value; nazwisko.innerHTML = val3; var email = document.createElement("td"); var val4 = document.getElementById("email").value; email.innerHTML = val4; var wiek = document.createElement("td"); var val5 = document.getElementById("wiek").value; wiek.innerHTML = val5; var data = document.createElement("td"); var val6 = document.getElementById("data").value; data.innerHTML = val6; var plec = document.createElement("td"); var val7 = document.querySelector('input[name="gender"]:checked').value; plec.innerHTML = val7; var grupa = document.createElement("td"); var val8 = document.getElementById("grupa").value; grupa.innerHTML = val8; switch(val8) { case "Rodzina": wiersz.classList.add("RodzinaZielony"); break; case 'Praca': wiersz.classList.add("PracaOrange"); break; default: break; } wiersz.appendChild(liczba); wiersz.appendChild(imie); wiersz.appendChild(nazwisko); wiersz.appendChild(email); wiersz.appendChild(wiek); wiersz.appendChild(data); wiersz.appendChild(plec); wiersz.appendChild(grupa); var dodac = document.getElementById("tbd"); dodac.appendChild(wiersz); lp = lp + 1; }tr.RodzinaZielony { background-color: lightgreen; } tr.PracaOrange { background-color: lightsalmon; }<table id="customersKontakty"> <thead> <tr> <th>Liczba porządkowa</th> <th>Imię</th> <th>Nazwisko</th> <th>Email</th> <th>Wiek</th> <th>Data urodzenia</th> <th>Płeć</th> <th>Grupa</th> </tr> </thead> <tbody id="tbd"> </tbody> </table> <element class="plabel"> <br><br><br> <p class="plabell">Imię:<p><input type="text" id="imie"></p></p> <p class="plabell">Nazwisko:<p><input type="text" id="nazwisko"></p></p> <p class="plabell">Email:<p><input type="email" id="email"></p></p> <p class="plabell">Wiek:<p><input type="number" id="wiek"></p></p> <p class="plabell">Data urodzenia:<p><input type="date" id="data"></p></p> <p class="plabell">Płeć: <p> <input type="radio" name="gender" value="Mężczyzna"> Mężczyzna <input type="radio" name="gender" value="Kobieta"> Kobieta </p> </p> <p class="plabell">Grupa: <p> <select id="grupa"> <option value="Rodzina">Rodzina</option> <option value="Przyjaciele">Przyjaciele</option> <option value="Praca">Praca</option> <option value="Znajomi">Znajomi</option> </select> </p> </p> </element> <p align="center"><input type="button" value="Dodaj osobę" id="myBtn"></p>
T

Protecting the site from physical replication
Software Programming • php protection • • terrea

2

0
Votes

2
Posts

0
Views

O

http://habrahabr.ru/post/140159/ Look at the section of the license building.If you leave the code without fusing, you'll be able to analyze it, for example, by debagger, and make the necessary corrections to work outside your host.
A

ES6 WeakMap obtain a list of values or an event to collect debris from the site
Software Programming • javascript ecmascript 6 • • Amritpal

2

0
Votes

2
Posts

0
Views

C

https://learn.javascript.ru/set-map#weakmap-%D0%B8-weakset WeakMap has several limitations:No size properties. You can't remove the elements of the heteror or forEach.No clear method().Conclusion: The method has to be used to find out whether the object exists or not.
M

self [action] () is a list or what is it?
Software Programming • javascript list prototype delegates • • magpie

2

0
Votes

2
Posts

0
Views

E

Look, there are two ways to turn to the site ' s s/method.1 through point (notification )const a = { method: (str) => alert(str), prop: 'prop' } a.method(a.prop); 2 through square bracketsconst a = { method: (str) => alert(str), prop: 'prop' } a['method'](a['prop']); Once the second option uses a line, we can keep this line in the variable.const a = { method: (str) => alert(str), prop: 'prop' } const action = 'method'; a[action](a['prop']); // передали именно переменную, которая вернула нужный метод/св-во In your code, that's what happens, getAttribute returns the attribute value in the form of a line we use further to cause the right method of the object.
K

Error with json in jquery
Software Programming • javascript php jquery json • • kalena

2

0
Votes

2
Posts

0
Views

R

I think the mistake might be that you're not properly matching the variable you receive by parameter would be something like this:function buscaInvocador($nombre){ $.ajax({ url: "https://euw1.api.riotgames.com/lol/summoner/v3/summoners/by-name/"+$nombre+"?api_key=RGAPI-de016c14-78f2-4e19-82a7-33526d8bed4c", dataType: "json", }).done(function(){ $('.idInvocador').append("Hola"); }).fail(function(){ $('.idInvocador').append("Adios"); })
S

How to automatically set a datetimepicker period?
Software Programming • javascript java jquery bootstrap jsp • • shizuka

2

0
Votes

2
Posts

0
Views

R

What you want to do can be done in the onclose of datepicker, which is called when closed after selecting a date:$('#datetimepicker2').datetimepicker({ ....., onClose: function( selectedDate ) { var date2 = $('#datetimepicker2').datepicker('getDate'); date2.setDate(date2.getDate()-90); //Aqui modificas los días como quieras $("#datetimepicker1").datepicker( "option", "minDate", date2); //Si quieres darle un nuevo valor al datepicker $("#datetimepicker1").datepicker( "option", "defaultDate", date2); } }); Note that the date you give it must be within the allowed dates range.

Protection from Self-XSS

Suggested Topics

Protection of the annex Software Programming • c sharp protective • • zymir

How do you count the number of elements inside div? Software Programming • javascript • • Oba22

Searching duplicate elements in JS collections Software Programming • javascript filter collection lodash • • amarantha

When should you use self in a Model in Rails? Software Programming • ruby on rails ruby • • Demir

A self-extensive, self-extensive body as a non-exhaustive virtual memory Software Programming • algorithm c+++ • • Amritpal

Class protected and public Software Programming • c sharp objec languaget orientati • • simrah

How do we get to the intended properties of the facility in the cycle? Software Programming • javascript objects • • inna

How does csrf-protection work on CodeIgniter? Software Programming • ajax mvc codeigniter csrf token • • Duquan

What does this expression mean? Software Programming • javascript php • • gionna

Changes in line colour in HTML table Software Programming • javascript html • • Bogopo

Protecting the site from physical replication Software Programming • php protection • • terrea

ES6 WeakMap obtain a list of values or an event to collect debris from the site Software Programming • javascript ecmascript 6 • • Amritpal

self [action] () is a list or what is it? Software Programming • javascript list prototype delegates • • magpie

Error with json in jquery Software Programming • javascript php jquery json • • kalena

How to automatically set a datetimepicker period? Software Programming • javascript java jquery bootstrap jsp • • shizuka

Protection of the annex
Software Programming • c sharp protective • • zymir

How do you count the number of elements inside div?
Software Programming • javascript • • Oba22

Searching duplicate elements in JS collections
Software Programming • javascript filter collection lodash • • amarantha

When should you use self in a Model in Rails?
Software Programming • ruby on rails ruby • • Demir

A self-extensive, self-extensive body as a non-exhaustive virtual memory
Software Programming • algorithm c+++ • • Amritpal

Class protected and public
Software Programming • c sharp objec languaget orientati • • simrah

How do we get to the intended properties of the facility in the cycle?
Software Programming • javascript objects • • inna

How does csrf-protection work on CodeIgniter?
Software Programming • ajax mvc codeigniter csrf token • • Duquan

What does this expression mean?
Software Programming • javascript php • • gionna

Changes in line colour in HTML table
Software Programming • javascript html • • Bogopo

Protecting the site from physical replication
Software Programming • php protection • • terrea

ES6 WeakMap obtain a list of values or an event to collect debris from the site
Software Programming • javascript ecmascript 6 • • Amritpal

self [action] () is a list or what is it?
Software Programming • javascript list prototype delegates • • magpie

Error with json in jquery
Software Programming • javascript php jquery json • • kalena

How to automatically set a datetimepicker period?
Software Programming • javascript java jquery bootstrap jsp • • shizuka