Indirect sources
Ohpe edited this page Jan 29, 2016 · 1 revision
(TBA)
HTML5 Storage objects [1, 2, 3] can be considered indirect sources, since they can be used to store values taken from direct sources, and those values may later be read back and used insecurely.
Indirect source objects are:
- localStorage
- sessionStorage
- IndexedDB (mozIndexedDB, webkitIndexedDB, msIndexedDB)
- Database (Safari Only)
Data previously stored on the server side could also be used by an attacker to send untrusted input to JavaScript.
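The storage flow described above, as an added example that is not part of the original wiki: one function saves a value from a direct source into storage, and a second function later reads it back, once into an HTML sink and once in a hardened form. `FakeStorage`, `FakeElement`, the `nick` key and the function names are assumptions made so the code runs under Node without a browser; the input passed to `demo` is constructed.

```javascript
// Map-backed stand-in for localStorage / sessionStorage (constructed for this example).
class FakeStorage {
  constructor() { this.m = new Map(); }
  setItem(k, v) { this.m.set(k, String(v)); }
  getItem(k) { return this.m.has(k) ? this.m.get(k) : null; }
}

// Stand-in for a DOM element. It records whether the assigned value would be
// parsed as markup: innerHTML parses tags, textContent never does.
class FakeElement {
  constructor() { this.parsedAsHtml = false; this.text = ''; }
  set innerHTML(v) { this.parsedAsHtml = /<[a-z!\/]/i.test(v); this.text = v; }
  set textContent(v) { this.parsedAsHtml = false; this.text = v; }
}

// Step 1 (some earlier page view): a value from a direct source, here the
// URL fragment, is saved into storage.
function saveNickname(storage, locationHash) {
  storage.setItem('nick', decodeURIComponent(locationHash.slice(1)));
}

// Step 2, vulnerable: the stored value is assumed to be trusted and reaches
// an HTML manipulation sink unchanged.
function renderGreetingUnsafe(storage, el) {
  el.innerHTML = 'Hello ' + storage.getItem('nick');
}

// Step 2, hardened: the stored value is treated like any other source. It is
// checked against an allow-list pattern and written through a text-only property.
function renderGreetingSafe(storage, el) {
  const nick = storage.getItem('nick') ?? '';
  el.textContent = 'Hello ' + (/^[\w .-]{1,32}$/.test(nick) ? nick : 'guest');
}

// Runs both variants against the same stored value and reports the outcome.
function demo(hash) {
  const storage = new FakeStorage();
  saveNickname(storage, hash);
  const unsafe = new FakeElement();
  const safe = new FakeElement();
  renderGreetingUnsafe(storage, unsafe);
  renderGreetingSafe(storage, safe);
  return { unsafeParsed: unsafe.parsedAsHtml, safeParsed: safe.parsedAsHtml, safeText: safe.text };
}
```

When auditing, every `getItem` call (and every IndexedDB read) should be traced to a sink the same way a read of `location` would be, because the write may have happened on a different page or in an earlier session.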
(TBF)