[gwt-contrib] Re: XSS in GWT

2014-02-01 Thread Colin Alworth
For JSON, you'd have to go pretty far out of your way to get attacked, like loading something untrusted via JSONP, or manually parsing your own JSON with eval (rather than any of the safe built-in tools), or, ya know, forgetting to run SSL and having someone intercept your server communication.

[gwt-contrib] Re: XSS in GWT

2014-01-28 Thread Thomas Broyer
On Tuesday, January 28, 2014 5:04:08 PM UTC+1, Kurt Dmello wrote: Hey folks, I am a relative noob to GWT and have been looking at it from a security code review perspective. I want to create a set of guidelines for people who have to review GWT code from a security perspective looking

[gwt-contrib] Re: XSS in GWT

2014-01-28 Thread Colin Alworth
Another set of dangerous code to look for would be any SafeHtmlUtils or SafeHtmlBuilder (and their URI/style counterparts) call that should take 'constant' or 'trusted' but instead takes untrusted user data. Custom implementations of SafeHtml should also be treated as suspect. These all fall

[gwt-contrib] Re: XSS in GWT

2014-01-28 Thread Kurt Dmello
Thanks Thomas, That was helpful. I tried the img tag and it did work. What you're seeing here is browser sanitization from innerHTML (not sanitization actually, just that the script are not run). Try with img onerror=alert(1) src=// or similar (onclick, etc.) What should someone

Re: [gwt-contrib] Re: XSS in GWT

2014-01-28 Thread Ray Cromwell
Maybe Matthew Dempsky can comment, but I believe there's an error-prone plugin that handles checking for XSS in GWT and bad use of SafeHtml/setHTML. On Tue, Jan 28, 2014 at 12:05 PM, Kurt Dmello kdme...@gmail.com wrote: Thanks Thomas, That was helpful. I tried the img tag and it did work.

[gwt-contrib] Re: XSS in GWT

2014-01-28 Thread Kurt Dmello
Thanks folks, This is great stuff. Keep it coming! I am looking for all potential points of interest in a code review, including XSRF and JSON related vulnerabilities.