
Posts

Showing posts with the label xss

php, ajax authentication on external domain

Suppose I have domain-a.com (A) and domain-b.com (B). I'd like to be able to share PHP sessions between the two domains, unifying logins in a way that once the user is logged in to A they are automatically logged in to B and vice versa. Now, the problem I'm facing is that even if I managed to have the browser talk via AJAX to an external domain via the Access-Control-Allow-Origin header, it won't set cookies (please don't tell me "you can't set/get cookies for another domain", this is not the problem). Here's the flow: A sends credentials to B; if the credentials are OK, B answers with the SESSID made in order to be consistent with the user credentials (so that it can be generated both ways, i.e. login from A or login from B); this will be used later to share the session created on B. At the same time I'd like B to be able to write cookies for its domain, but so far I wasn't able to. What I need here is very simple: once the credentials from A are

Send custom message from iframe guest to iframe host where host HTML from portlet

I'm trying to send a custom message from an iframe guest to an iframe host using jQuery (we are developing both guest and host). The guest and host are on the same domain but on different ports. Also, the iframe host is being rendered from a portlet within a Liferay portal instance (5.2.3), and the portal mangles the host URL of the portlet. The host and guest URLs look like: host: http://localhost:8080/host/foo/bar?p_p_id=portletname_WAR_portletname_INSTANCE_nNz9&... guest: http://localhost:8081/guest I know that trying to do this messaging violates the same-origin policy enforced by browsers. To get around this I've looked at using PortHole, EasyXDM and the jquery-postmessage-plugin. The problem I have is this: for these libraries to work, the sender (iframe guest) needs to know the host URL, but it cannot know the mangled portlet host URL in advance.

One jQuery Instance, Two Domains

I have two pages: a.example.com and b.example.com. a.example.com includes jQuery; a.example.com contains an iframe pointing to b.example.com; both pages have document.domain set to the same parent domain, example.com. How can I use the jQuery include from a.example.com to call $.ajax({ url: "b.example.com" }) from inside the b.example.com iframe? In other words: both pages can currently access the JavaScript of one another, but I cannot get the AJAX call to function without throwing XSS errors. That is, without including jQuery on b.example.com too. How do I avoid including jQuery twice? Example of the contents of the iframe: <script> document.domain = "example.com"; function proxyAjax() { var jQueryParent = parent.$.sub(); // Chrome gives error: XMLHttpRequest cannot load http://b.example.com/. Origin http://a.example.com/ is not allowed by Access-Control-Allow-Origin. jQueryParent.ajax({ url : "http://b.example.com/&quo