comments (not for humans)

[Security] Who do you trust? - JSONP demo

November 29, 2009 - 17:31 CET In my previous posts JSONp - What's the risk? and Web2.0 - Who do you trust? I talked about the potential security problems that can occur when adding script tags and/or using jsonp. In this post I will show a couple of demos.
[...]
0 comment(s) | Permalink | | This entry has been viewed 1630 time(s).

[CSS/HTML/Js] Unescaping HTML in javascript

July 6, 2006 - 10:38 CEST You may sometimes need to unescape HTML escaped strings in javascript. I found a neat trick to do this using the browser internal escaping.
[...]
16 comment(s) | Permalink | | This entry has been viewed 17901 time(s).
[1 - 2]
About Erlend
I'm a senior consultant at Bekk Consulting AS. This blog is about software development, with a special focus on security.

Follow me on twitter
Latest posts
31.08 [Security] Rails 3.0 and XSS-protection
6.07 [Security] Avoiding NoSQL-injection with MongoDB
27.06 [Security] NOSQL-injection
7.06 [.NET] Microsoft Pex - exploratory testing
18.05 [Security] Security podcasts
Tag cloud
.net, .netspec, adam, ad lds, ajax, asp.net, authorization, axis, bdd, certificates, conference, cookie, craftsman, crossdomain, cross site scripting, csrf, css, escaping, firefox, flash, flex, httponly, input validation, javascript, jquery, jsonp, nosql, nosql-injection, output escaping, owasp, password, phishing, ql-injection, rails, rfi, security, silverlight, spam, speaker, sql-injection, sql injection, ssl, talk, tdd, testing, unit testing, web services, wse, wss4j, x509, xml, xsrf, xss
Categories
All - [RSS]
.NET - [RSS]
Agile - [RSS]
CSS/HTML/Js - [RSS]
Frameworks - [RSS]
Java - [RSS]
Security - [RSS]
Testing - [RSS]
Web Services - [RSS]
Blogroll
Honeynor
BEKK Open
movito
Vidar's musings
Aslak Hellesøy
Geekbeing's rants
Jeremiah Grossman
RSnake
Mike Andrews
Schneier on security
Michael Sutton's blog
Network security blog
On code development
Change is nothing, everything is
leif
hamang.net
Andreas' code blog
The Dilbert Blog
Pearls before swine
(IN)SECURE Magazine