JavaScript
Denis Denis, 2015-12-22 19:31:37

What is the danger in dynamically linking a script?

Hello!
There is a JavaScript widget/module. It has an init() and a render() method.
What for? In init() I request JSON data from the server. In render() I show it on the page.
What security issues might arise if I put a `<script>` tag with a request for a polyfill in init(), because, let's say, only my module needs it?
upd. ok, XSS is possible. How to do this safely?


1 answer(s)
nirvimel, 2015-12-22
@golovewkin

If tags are not filtered and special characters are not escaped, then XSS is possible.
It is necessary to escape characters, for example, in a simple way, or with special libraries, such as this one.
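
An added example, not part of the original answer: a sketch of the widget described in the question, with every JSON field escaped before it reaches the page and the polyfill loaded only from a fixed allowlist. The names `escapeHtml`, `renderWidget`, `isAllowedScriptUrl`, `loadPolyfill` and the `cdn.example.com` origin are assumptions made for illustration.

```javascript
// Added example; all names and the CDN origin below are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Origins the widget is allowed to load a polyfill from (placeholder value).
const ALLOWED_SCRIPT_ORIGINS = ['https://cdn.example.com'];

// Accept only absolute https URLs whose origin is on the allowlist.
function isAllowedScriptUrl(url) {
  try {
    const parsed = new URL(url);
    return parsed.protocol === 'https:' &&
      ALLOWED_SCRIPT_ORIGINS.includes(parsed.origin);
  } catch (e) {
    return false; // relative or malformed URLs are rejected
  }
}

// init() side: the script URL is checked first and is never built from
// server data. `doc` is the page's `document`, passed in so the function
// can be exercised outside a browser.
function loadPolyfill(doc, url) {
  if (!isAllowedScriptUrl(url)) {
    throw new Error('blocked script URL: ' + url);
  }
  const script = doc.createElement('script');
  script.src = url;
  doc.head.appendChild(script);
  return script;
}

// render() side: every field from the JSON response is escaped before it
// is placed into markup.
function renderWidget(items) {
  const rows = items.map((item) =>
    `<li title="${escapeHtml(item.title)}">${escapeHtml(item.text)}</li>`);
  return `<ul>${rows.join('')}</ul>`;
}

// Constructed sample of a server response with markup inside a field.
const sampleItems = [{ title: 'a"b', text: '<script>alert(1)</script>' }];
```

In a browser, assigning values through `textContent` and `setAttribute` instead of building an HTML string avoids the need for manual escaping.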
