Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Denis Denis2015-12-22 19:31:37
JavaScript
Denis Denis, 2015-12-22 19:31:37

What is the danger in dynamically linking a script?

Hello!
There is a javascript widget/module. It has an init() and a render() method.
For what? In init() I request json data from the server. In render() - show on the page.
What security issues might arise if I put a tag <script>with a request for a polyfill in init(), because, let's say, only my module needs it?
upd. ok, XSS is possible. How to do this safely?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
N
nirvimel, 2015-12-22
@golovewkin

If tags are not filtered and special characters are not escaped, then XSS is possible .
It is necessary to escape characters, for example, in a simple way, or with special libraries, such as this one .

Similar questions
U
unlik2015-03-20 00:01:49
How to backup a dump to a remote server? 2Reply
V
Vasiliy2015-03-22 17:23:49
JSLint good or bad!??? 3Reply
C
codeorlov2018-11-06 13:28:50
How do I restore the database from .frm and ibdata? 1Reply
T
Timofey2015-04-01 11:13:34
sails.js impressions? 5Reply
R
Ruslan Gayfutdinov2015-04-01 21:55:37
How and with what to track the work of employees? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question