How to protect Pale Moon from these attacks?
https://github.com/0xsobky/HackVault/wi ... S-Polyglot
XSS
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Re: XSS
Why do you think Pale Moon is vulnerable to this?
You think the browser executes JavaScript in cookie headers?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: XSS
On a related note:
The browser won't execute JavaScript in cookies directly, but some sites transport JS functions and data via cookies (which are sometimes flagged/removed by various tools and proxies) to later eval them in the browser. This may not constitute an XSS and is not frequent, but I have seen this a few times in my experience.
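The site-side pattern described in the post above (script carried in a cookie and later passed to eval), next to a data-only alternative. This is an added example, not part of the original thread and not Pale Moon code; the cookie name `uiState`, its fields, the `getCookie` helper named in the comment and the sample strings are assumptions constructed for illustration.

```javascript
// Pattern described in the post (shown only as a comment; getCookie is hypothetical):
//   eval(getCookie("uiState"));  // cookie content would run as script

// Split a document.cookie-style string ("a=1; b=2") into a name -> value map.
function parseCookieString(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    try {
      jar.set(part.slice(0, eq).trim(), decodeURIComponent(part.slice(eq + 1).trim()));
    } catch {
      // Malformed percent-encoding: drop the cookie rather than guess.
    }
  }
  return jar;
}

// Allowlist of expected fields and validators for the hypothetical uiState cookie.
const UI_STATE_SCHEMA = {
  theme: (v) => v === "light" || v === "dark",
  fontSize: (v) => Number.isInteger(v) && v >= 8 && v <= 32,
};

// Returns a validated plain object, or null if the cookie is absent or invalid.
function readUiState(cookieString) {
  const raw = parseCookieString(cookieString).get("uiState");
  if (raw === undefined) return null;
  let data;
  try {
    data = JSON.parse(raw); // parses data only; it cannot execute functions
  } catch {
    return null;
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
  const clean = {};
  for (const [key, isValid] of Object.entries(UI_STATE_SCHEMA)) {
    if (!Object.prototype.hasOwnProperty.call(data, key) || !isValid(data[key])) return null;
    clean[key] = data[key]; // keys outside the schema are dropped
  }
  return clean;
}

// Constructed sample cookie strings: one carrying data, one carrying script text.
const GOOD_COOKIES = "sid=abc; uiState=" + encodeURIComponent('{"theme":"dark","fontSize":14}');
const CODE_COOKIES = "uiState=" + encodeURIComponent("alert(1)");
console.log(readUiState(GOOD_COOKIES), readUiState(CODE_COOKIES));
```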
Re: XSS
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite