Tag: JavaScript

How does one populate an app with content when using a front end javascript framework?

For the last month or so I have been struggling with this question. One of the next logical steps in my studies of front end development is to learn how to use a JavaScript framework such as Angular or Vue.js. However, I feel blocked by this one issue that comes to mind.

How does one populate a website with content (say from a database) with a framework like Vue or Angular?

Based on my current research I have come to the conclusion that the only way to do this would be by loading the page and then using client-side JavaScript to request the relevant data after the initial load.

This, to me, seems very inefficient.

Is there any way to render the page beforehand while still keeping all the features of the frontend framework?

Can a URL contain executable JavaScript?

I am learning about “Session fixation” and have read the corresponding OWASP page.

In their Example 2 in the above page, they describe an attack via JavaScript, that is embedded in the URL like:

http://website.kom/<script>document.cookie=”sessionid=abcd”;</script>

I tried this with an embedded <script>alert("XSS!!");</script>, but as expected, it did not work.

Is there ANY way, an URL can run embedded JavaScript?

Note: This question is somewhat similar to Execute reflected XSS in URL, but I am talking about scripts in the URL, not from a HTTP header.

Is this javascript vulnerable to dom based XSS?

I was testing example.com and i found a js reflection point. If i send the following request:

https://example.com/?token=test%22test="'-confirt(1)-'

I can see the following in server response:

<script nonce=""> window.meta = { "token": "Token\"xss=\"'-confirt(1)-'", "dToken": "dt\"xss=\"'-confirt(1)-'", "Id": "11" </script>

Is this code vulnerable to Dom Based XSS? If yes, which payload could i try to trigger an alert box?

I already tried to close the </script> tag but < and > are filtered.

Coding the Javascript part of a TinyMCE plugin: the IDE can’t resolve the tinymce variable

I’ve copied a very basic plugin for WordPress which adds a button to TinyMCE.

The code is correct and works. But while I’m coding (in PHPStorm), the IDE can’t resolve the javascript objects. How can I configure PHPStorm (or a generic IDE) to see the code of TinyMCE included in WordPress?

enter image description here

Check user membership of current user in security group using javascript

I am working on SharePoint 2016 on-premises environment. I need to implement the some functionality based on the result whether the currently logged-in user is a part of a security group or not using javascript/jquery. Can someone advise on how I can check the user membership in a security group?

How editing html and javascript of a website makes it vulnerable? [duplicate]

This question is an exact duplicate of:

  • Is bypassing client-side protections a XSS vulnerability?

I was practicing web pentesting on this level of ctf2 and I was supposed to edit the HTML and the Javascript to get rid of the input validation and < > sanitization. I succeded after looking up the solution elsewhere.

Now what I don’t understand is why modify the HTMLand the Javascript. The changes will be lost once the page is reloaded, so how does that makes it dangerous? Is this how XSS is done, by editing the HTML/Javascript and injecting script tags to the input fields? And how does it threaten real users?

I know the challenge was ‘simple’ and there are no users who are threatened, but is it the same concept in real life? Thanks in advance.

¿Porqué en este loop de JavaScript la impresión de la variable es desde counter y no desde counter-1?

en mi búsqueda por aprender programación por mis propios medios, me he topado con el tema de recursividad y este simple código… mi pregunta ya que la variable counter comienza desde 10 y dentro del loop While el contador resta 1, porqué en la “impresión” aparece desde el 10. Sé que si quisiera empezar desde 10 colocaría el contador en 11… pero obviamente tengo la curiosidad y no entiendo.

var counter = 10; while(counter > 0) {     console.log(counter--); }

resultado: 10 9 8 7 6 5 4 3 2 1

¿Como hacer tabla en javascript, separando estructura de datos por un lado y utilizando una función para pintar dicha estructura?

function pintar_tabla(){ var col=document.getElementById(“columna”).value; var filas=document.getElementById(“fila”).value; var tabla = “”; tabla += “”; for (j = 0; j ” + (j + 1) + “”; } tabla += “”; for (i = 0; i “; tabla += “” + (i + 1) + “”; for (j = 0; j ” + “” + “”; } tabla += “”; } tabla += “”; document.getElementById(“resultado”).innerHTML = tabla; }

bloginfo url in javascript

I’m trying to set <?php bloginfo('template_url'); ?> in a variable on Javascript, and then to set src of an img element, but in the html it’s been printed as src="<?php bloginfo('template_url'); ?>" and not as the actually url.

This is how I tried to do it:

var wpTemplateUrl = "<?php bloginfo('template_url'); ?>"; primaryImg.src = wpTemplateUrl;

Ciclo for javascript para crear una pirámide de números

bien lo que trato de hacer es que imprima los numeros dependiendo el valor de “j” por ejemplo si pongo 4 tendria que hacer

1 12 123 1234

y ya lo hace solo el detalle es que no los imprime como en el ejemplo si no que todo lo hace hacia abajo, ayuda por favor.

<html> <body> <script type="text/javascript"> var i=1 var n=0 var j=4 for(n; n<=j;n++){ for (i=1;i<=n;i++){  document.write(i )  document.write("<br />") } } </script> </body> </html>