This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "JavaScript/Web 2.0 Keywords and Pointers"
(New page: OWASP Code Review Guide Table of Contents__TOC__ Ajax and JavaScript have brought functionality back to the client side, which has brought a number of old security issues back to the...) |
m (Added navigation to facilitate sequential reading online) |
||
Line 1: | Line 1: | ||
− | + | {{LinkBar | |
− | + | | useprev=PrevLink | prev=Searching for Code in Classic ASP | lblprev= | |
+ | | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents | ||
+ | | usenext=NextLink | next=Code Reviews and Compliance | lblnext= | ||
+ | }} | ||
+ | __TOC__ | ||
Ajax and JavaScript have brought functionality back to the client side, which has brought a number of old security issues back to the forefront. The following keywords relate to API calls used to manipulate user state or the control the browser. The event of AJAX and other Web 2.0 paradigms has pushed security concerns back to the client side, but not excluding traditional server side security concerns. | Ajax and JavaScript have brought functionality back to the client side, which has brought a number of old security issues back to the forefront. The following keywords relate to API calls used to manipulate user state or the control the browser. The event of AJAX and other Web 2.0 paradigms has pushed security concerns back to the client side, but not excluding traditional server side security concerns. | ||
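Review bot: lblprev= and lblnext= are left empty in the added {{LinkBar}} call while lblmain is given the explicit label "Table of Contents"; unless the template falls back to the prev/next page titles, the previous and next links will render without visible text. Either confirm that default or supply labels, e.g. `| lblprev=Searching for Code in Classic ASP` and `| lblnext=Code Reviews and Compliance`, matching the prev= and next= values already in the call. The same applies to the identical block added at the bottom of the page.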
Line 38: | Line 42: | ||
XMLHTTP <br> | XMLHTTP <br> | ||
− | + | {{LinkBar | |
+ | | useprev=PrevLink | prev=Searching for Code in Classic ASP | lblprev= | ||
+ | | usemain=MainLink | main=OWASP Code Review Guide Table of Contents | lblmain=Table of Contents | ||
+ | | usenext=NextLink | next=Code Reviews and Compliance | lblnext= | ||
+ | }} | ||
[[Category:OWASP Code Review Project]] | [[Category:OWASP Code Review Project]] |
Latest revision as of 15:37, 9 September 2010
Ajax and JavaScript have brought functionality back to the client side, which has brought a number of old security issues back to the forefront. The following keywords relate to API calls used to manipulate user state or control the browser. The advent of AJAX and other Web 2.0 paradigms has pushed security concerns back to the client side, without removing the traditional server side security concerns.
Look for Ajax usage, and possible JavaScript issues:
eval(
document.cookie
document.referrer
document.attachEvent
document.body
document.body.innerHtml
document.body.innerText
document.close
document.create
document.createElement
document.execCommand
document.forms[0].action
document.location
document.open
document.URL
document.URLUnencoded
document.write
document.writeln
location.hash
location.href
location.search
window.alert
window.attachEvent
window.createRequest
window.execScript
window.location
window.open
window.navigate
window.setInterval
window.setTimeout
XMLHTTP