JavaScript Security
by Y.E Liang
Table of Contents
Credits
About the Author
About the Reviewers
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
1. JavaScript and the Web
JavaScript and your HTML/CSS elements
jQuery effects
Hide/Show
Toggle
Animation
Chaining
jQuery Ajax
jQuery GET
jQuery getJSON
jQuery POST
JavaScript beyond the client
JavaScript on the server side
Full-stack JavaScript
JavaScript security issues
Cross-site request forgery
Cross-site scripting
2. Secure Ajax RESTful APIs
Building a RESTful server
A simple RESTful server in Node.js and Express.js
Frontend code for the to-do list app on top of Express.js
Cross-origin injection
Injecting JavaScript code
Guessing the API endpoints
Basic defense against similar attacks
3. Cross-site Scripting
What is cross-site scripting?
Persistent cross-site scripting
Nonpersistent cross-site scripting
Examples of cross-site scripting
A simple to-do app using Tornado/Python
Coding up server.py
Cross-site scripting example 1
Cross-site scripting example 2
Cross-site scripting example 3
Defending against cross-site scripting
Do not trust users – parsing input by users
Summary
4. Cross-site Request Forgery
Introducing cross-site request forgery
Examples of CSRF
Basic defense against CSRF attacks
Other examples of CSRF
CSRF using the <img> tags
Other forms of protection
Creating your own app ID and app secret – OAuth-styled
Checking the Origin header
Limiting the lifetime of the token
Summary
5. Misplaced Trust in the Client
When trust gets misplaced
A simple example
Building the server side – mistrust.py
The templates
To trust or not to trust
Manipulating the JavaScript code
Dealing with mistrust
Summary
Examples of JavaScript phishing
Classic examples
Accessing user history by accessing the local state
XSS and CSRF
Intercepting events
Defending against JavaScript phishing
Upgrading to latest versions of web browsers
Recognizing real web pages
Protecting your site against XSS and CSRF
Avoid using pop-ups and keep your address bars
Summary