Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding CMS CMS and any javascript problems

Thread Rating:
  • 493 Vote(s) - 3.5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
CMS and any javascript problems

Offline combo13


Member
*
Member
Posts: 0
Threads: 0
Joined: Jun 2016
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-20-2023, 01:28 PM
I'm developing a CMS and I host the users sites on my server (as Tumblr or Wordpress do). Since I let them write custom HTML & CSS code for their site pages I would like to know if there is any security problem letting them write javascript code too and what kind of problems it can cause..

Thank you!
Reply

Offline patriate437567


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: May 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-20-2023, 01:43 PM
This is something that can indeed lead to security issues, it can be done, but one should be very careful w.r.t. [XSS][1], [CSRF][2], cookie theft, etc. This is especially prevalent if your users have the same domain (e.g. example.com/user1 and example.com/user2) since a lot of security models trust the entire domain.

Thread carefully, when in doubt, don't implement this.

[1]:

[To see links please register here]

[2]:

[To see links please register here]

Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through