Javascript Injection Security Concerns


jgd1234567 (Programmer), May 2, 2007
Hi, I've always taken security for granted in my websites, but I am currently in the process of building a big website where security is of major importance. I understand most of the server-side security concerns, such as SQL injection, but with JavaScript (and Ajax) I get a little bit lost. From my understanding there are a couple of areas which particularly concern me.

1. What can a user do if they manage to inject JavaScript into a page on the site? I read that XMLHttpRequest has its own built-in security (it can only call pages on the site it resides on), but if a user can inject JavaScript into my site then surely this could be a security concern.
2. What are the security concerns with iframes (pages on an external site)? Do I get the same problems as in point 1?

I know I should probably HTML-encode my user input, but I am just wondering what the security concerns are in case.
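To make the two questions in the post concrete, here is an added example (not code from the original thread or from any of the posters). It shows why "XMLHttpRequest can only call the site it lives on" is no protection against injected script: a script that a user managed to get into the page *is* same-origin, so it runs with the victim's session and can call the site's own endpoints. It then shows the HTML-encoding step the poster mentions, which turns the payload into inert text, and a sandboxed way of embedding an external page in an iframe. The sample comment, the endpoint path and the helper names (`escapeHtml`, `renderCommentUnsafe`, `renderCommentSafe`, `renderExternalFrame`) are all constructed for this example; it runs under Node.js.

```javascript
// Constructed sample of user-supplied content carrying an injected script.
// If this lands in the page unencoded, the script runs in the site's own
// origin: the same-origin policy does not stop it, and the request below
// goes out with the victim's session cookies attached.
const UNTRUSTED_COMMENT =
  '<script>fetch("/account/email?new=attacker@example.com",' +
  ' {credentials: "include"})</script>Nice site!';

// HTML-encode the characters that matter in text and attribute context.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: raw user input interpolated into markup.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Hardened rendering: encode before interpolating.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Crude check used here to show the difference: does the rendered HTML
// contain a script element the browser would execute?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Embedding an external page (question 2). The frame is a different origin,
// so it cannot read this page's DOM or cookies, but without "sandbox" it can
// still run script, submit forms and navigate the top-level window. Only
// http(s) URLs are accepted so a "javascript:" URL cannot be smuggled in.
function renderExternalFrame(url) {
  const parsed = new URL(url); // throws on malformed input
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    throw new Error(`refusing to frame non-http(s) URL: ${parsed.protocol}`);
  }
  return `<iframe sandbox src="${escapeHtml(parsed.href)}"></iframe>`;
}

console.log('unsafe :', renderCommentUnsafe(UNTRUSTED_COMMENT));
console.log('safe   :', renderCommentSafe(UNTRUSTED_COMMENT));
console.log('frame  :', renderExternalFrame('https://example.com/widget?a=1&b=2'));
```

The encoded output still displays the attacker's text to other users, but the browser treats `&lt;script&gt;` as characters, not as an element, so nothing executes. Encoding has to match the context the data lands in (HTML body, attribute, URL, inline script); the function above covers the first two, which is where most forum-style content ends up.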
 
Here is a very recent book on the subject. Given the size of the project, the cost of a new book is negligent [smile].

Ajax Security by Billy Hoffman:

Cheers,
Jeff

Jeff's Blog @ CodeRambler

Make sure your web page and css validates properly against the doctype you have chosen - before you attempt to debug a problem!

FAQ216-6094
 
...What dictionary are you using?

Well... you see... it goes like this... I knew what the word sounded like - and it looked ok when I typed it :)

The word that I meant to use was actually negligible.

Anyway, the reviews I have read (and from what I have read of the book so far) lead me to believe that this is a very useful book on just the subject material you are asking.

Cheers,
Jeff

 
OK, cheers guys. My English sucks, so I'm not going to argue. I'll see if I can get myself one of those books, I guess.
 