204 questions
1
vote
1
answer
286
views
JS: inject into BoundFunctionObject for bookmarklet script
Suppose I am writing a bookmarklet script to modify a webpage. Most websites (using webpack, etc) follow a structure something like this:
<html>
<script type="text/javascript"&...
- 909
1
vote
1
answer
327
views
Spam redirection javascript being injected into web page HTML
I've got a simple hobby website - www.stuartconner.me.uk - where I've largely hand-coded the HTML (as a learning exercise) and uploaded to a cheap web hosting platform over FTP.
Pages are occasionally ...
- 11
3
votes
3
answers
5k
views
Solve Cloudflare Turnstile Captcha using 2captcha api
im having a problem with getting the parameters which 2captcha api needs to solve the captcha .
The type of Captcha Im struggeling with, is Cloudflare Turnstile. There are two hidden parameters you ...
- 31
2
votes
1
answer
261
views
(system vulnerability) Trying to simulate JavaScript injection into HTML templates
I'd like to REPRODUCE a scenario where a 3rd party testing team injected a <script> tag into an HTML template on our front end. Then I want to add code to prevent this (i.e. front end angular ...
- 5,789
0
votes
0
answers
927
views
Regular expression bypassing
I am solving the ctf challenge. Is it possible to bypass this RE and execute JS injection?
<script>
s=decodeURIComponent(location.search.substr(1));
if(/^[".=acdeimnotu]*$/.test(s))
eval(s)...
- 1
-1
votes
1
answer
1k
views
Debugging injected script in chrome extension
Say I have the following code:
in my content-script.js:
const script = document.createElement('script');
script.setAttribute("type", "application/javascript");
script.src = chrome....
- 15.6k
0
votes
0
answers
49
views
calling the next javascript via eval, remove the span tag created by the initial JS file
I have a html file and 2 JavaScript files: mainscript.js and script1.js. I inject the script1.js inside the mainscript.js. However, what happens is that by calling script1.js, the htmltags created by ...
0
votes
0
answers
43
views
Iframe access on elements
I use an Iframe with an external API, which I don't control. My goal is to add Javascript code in my Website, to change the style of a few elements in the Iframe. First I considered using
document....
0
votes
1
answer
2k
views
Inject JavaScript in Android WebView to replace already existing object
I need some help with Android's WebView. I am trying to create an app which loads a webpage, I cannot change. The webpage does load a number of javascript files and I am trying to overwrite the ...
- 75
2
votes
0
answers
146
views
Injecting card information to website checkout React Native WebView
I'm working on a project that allows users to pay for items through virtual generated cards. It is built on React Native and uses WebView to allow in-app browsing of online stores. Since there is no ...
-1
votes
1
answer
305
views
How to Inject script only in a particular Iframe
I am using Requestly to Inject script but couldn't find a way to inject the script only in a particular Iframe.
Is there any way to insert custom JS using Requestly in a particular iFrame in a webpage?...
9
votes
3
answers
3k
views
Chrome Extension: How do I use declarativeNetRequest to bypass the Content Security Policy
I'm making an extension that injects a user provided script into the current website. I've gotten that part done (with the help of wOxxOm). Only problem is that on some websites, it doesn't work. It ...
- 172
1
vote
1
answer
2k
views
Enter full screen automatically by inserting script in a webpage using requestly
I want to go into full-screen mode (F11) on certain pages. For this, I am using Requestly chrome extension to insert a script on a webpage.
Here is the script
document.body.requestFullscreen();
...
1
vote
1
answer
2k
views
How can I redirect a specific URL to another after a delay?
whenever I end up on a certain page, which has a certain URL ("A"), i want my browser (Chromium) to wait there 10 seconds (without doing nothing else) and then automatically redirect me to ...
- 9
0
votes
2
answers
385
views
JavaScript injection for controlling volume of video
I have a sample html page here which displays a video, I am using javascript injection to play/pause the video. But now I want to control the volume as well. How do I create a function which decreases/...
- 39
5
votes
1
answer
2k
views
localhost javascript bundled is trying to be injected to my website by an user. (Reported by Sentry an error and performance tracking tool)
I can see in Sentry report that,
Along with my vendors~main-6319dfea084cb55e85bf.js,main-6319dfea084cb55e85bf.js and other resource.scripts and resource.css files i can see https://localhost:49506/...
- 231
1
vote
1
answer
181
views
Adding instrumentation (aka injecting into scripts) using chrome extensions
My goal is to inject instrumentation code into certain scripts of certain websites to then lately collect the data using chrome extension and upload it to a centralized DB.
The last time I tried this ...
- 443
2
votes
0
answers
371
views
Android WebView : MutationObserver doesn't detect IFRAME being added to html document
I'm writing an app the contains a WebView in which I display pages from different websites. Some of these pages contain IFrames.
My app injects javascript into the displayed WebView and my problem is ...
- 2,177
0
votes
0
answers
852
views
Injecting scripts in Chrome Extension global object and tamper with shadow DOM
Warning: possibly involves a set of programming bad practices to bypass security features.
We're developing a bundle of scripts that extract public information from some website. I use ViolentMonkey ...
- 856
0
votes
3
answers
556
views
How to prevent PHP echo from ending a JS string?
I have this code:
<!DOCTYPE html>
<html>
<head>
<title>Sign up page</title>
<meta charset="UTF-8"/>
</head>
<body>
...
- 1,815
1
vote
1
answer
757
views
Tinymce injection security
I have public editor where users can share notes using TinyMCE but I'd like to prevent them of inserting JavaScript or SQL (any type of scripts) in this editor.
So my question is: how?
Here is my ...
- 7,188
0
votes
0
answers
44
views
How to inject JavaScript function in partial (same partial can be loaded multiple times) loaded by ajax?
I have a partial, which could be re-used many times in the same view.
It hosts a chartjs element.
The Partial loads, makes an ajax call to get its data.
The various keys of the Chart are populated ...
- 500
0
votes
1
answer
1k
views
Selecting a button active class
these are the cards and I have written javascript to select the button and turn it into an active class but when I select the button it is not select and not turn into an active button where is the ...
- 13
1
vote
1
answer
1k
views
Converting PDF to PDF/A sufficient to disable javascript in file?
If I have a pdf file with malicious javascript embedded in it (visible or obfuscated) - will converting that file to pdf/a format (with a commercial tool) deactivate the javascript - making the file ...
- 314
0
votes
1
answer
176
views
Is there a way to stop a JS process through injected JS?
There's a website I need to check at constant intervals but it has certain JS functions programmed into it that are more aesthetic than anything else, and the result is that it eats up my CPU for no ...
- 630
0
votes
0
answers
182
views
Detect Javascript injection in network traffic
This is my first question here in stackoverflow, so pardon me if I am missing something!
I'm working on a project related to VPN security. They main goal of the project is to detect if a VPN client is ...
3
votes
1
answer
319
views
Getting control of every 'src' attribute change in DOM
I'm writing a Javascript code that needs to watch for new 'script' elements, and to block a few known sources.
To catch those, I've tried using MutationObserver and __ defineSetter __ ,
both can ...
- 31
-1
votes
1
answer
416
views
Disable extensions to run script on website
Some extensions are modifying the HTML and inserting their own scripts in the website.
Is there a way to disallow extensions to run scripts on my website?
I tried with CSP, but it doesn't seem to work....
- 827
1
vote
0
answers
372
views
Where is the proper place for re-injecting Javascript (but not the html) in SwiftUI?
I am trying to find the best place for re-injecting Javascript in the following two contexts:
On-demand injection (only when user presses a button):
Right now, I have the Javascript injection in my ...
- 11
0
votes
1
answer
147
views
Is client javascript injection detectable for server?
I am developing a web-scraper on an Android App and I have developed automated surfing with js insertion. I do tasks like the following:
document.getElementById("user").innerText="...
- 1
5
votes
1
answer
1k
views
Is there a Javascript runtime in WebAssembly
I am trying to isolate user JavaScript code for security.
I can do this via Iframe security and message passing.
Is there a JavaScript runtime that can be loaded via webassembly to which i can pass ...
- 6,000
0
votes
1
answer
676
views
PHP validate HTML to prevent html/xss injections [duplicate]
I need to implement a logic where the user sends some content (it can be just a string but also can be part of HTML markup), we store that info to a database, and at some period of time, we replace ...
- 5,644
0
votes
1
answer
281
views
How to solve continuous wordpress redirect and injection hacking?
I'm experiencing security issues with multiple wordpress sites I host. All the sites have different themes, and are on different servers and isolated within different users. They have been running for ...
1
vote
0
answers
231
views
WKWebView dynamic height calculation based on font size
I'm trying to calculate WKWebView content height according to font size. There is a lot of topic about it but none of it worked for me. I created demo app for test. In my test app I'm changing size of ...
-1
votes
1
answer
176
views
sorttable.js works from server, but not when inlined
I'm creating a tool that generates reports, I'd like to "html-ify" them
The reports contain many tables, and this JAVA SCRIPT package would be great
https://kryogenix.org/code/browser/sorttable/
It ...
- 798
0
votes
1
answer
583
views
Convert Greasemonkey script into an injectable JS (no addons)
Thank you in advance for your assistance. Basically I'm using Rambox Pro (basic browser with injecting JS & CSS support only) into webpages as my workstation & I'm using Notion & want this ...
4
votes
1
answer
3k
views
How to remove all inline script or html injection on Input text using JavaScript or Jquery
I know this type of question might have asked many times but I am sure that this one is different than all of them.
I have a Input TextArea control on server side, I am trying to remove all inline ...
- 447
1
vote
2
answers
2k
views
prevent script injection when spawning command line with input arguments from external source
I've got a python script that wraps a bash command line tool, that gets it's variables from external source (environment variables). is there any way to perform some soft of escaping to prevent ...
- 5,214
1
vote
1
answer
575
views
How Remove Odd Hidden Web Field in My Form
I'm redoing some stuff on a website. I create my own forms and there's been a hidden field injected into my system somehow, after my Submit button. I have (updated) found that it is injected by ...
- 2,136
0
votes
1
answer
583
views
Javascript-inject element change listener?
We use KioWare, and want to trigger a local application (which we can do no problem by keybind). We only want to trigger the keybind when a specific page element changes from "blahblah-hidden" to "...
3
votes
0
answers
789
views
How to inject javascript on Chrome to modify navigator webdriver
In order to make my Chrome Browser undetectable when using Selenium I'm trying to modify the get function on the webdriver to answer always with false. To do so, I've created a Chrome Extension that ...
- 427
4
votes
1
answer
2k
views
Disable JavaScript embedded in PDF in browser (XSS attack)
We are trying to load a PDF in an iframe using ExtJs. The PDF is embedded with JavaScript. When it is loaded in the browser, the alert is being displayed and it is considered as JS injection in ...
- 621
8
votes
1
answer
7k
views
Send Object from Javascript to Kotlin using Webview
I have loaded a webpage using WebView component and added a JavascriptInterface. Please check the code below,
val webview = WebView(this)
setContentView(webview)
webview.settings.javaScriptEnabled = ...
- 1,588
0
votes
0
answers
2k
views
How to Validate Javascript injection in a Textbox
I want code which can validate true or false, based on a condition.
If my textbox value contains any js injection,
example:
var str = "alert('text')"
how do I know if the str is a normal text or it ...
- 83
0
votes
1
answer
1k
views
Should I prevent JavaScript injections in password field?
I've found lots of information about JavaScript injections, but didn't find any specific regarding password field.
For my test GMail account I was able to set the next password <Script>alert(...
- 4,808
0
votes
2
answers
76
views
Changing title only saves for a few seconds (until page stops loading) [duplicate]
Im trying to change the title of youtube page (so that the tab at the top of the browser changes to "test" instead of "youtube"). It changes for a few seconds, changing from "youtube" to "test", and ...
- 11
0
votes
1
answer
124
views
how to identify code that triggers external javascript load?
I have a prestashop installation live which has been somehow injected with malitious code, here is my prestashop: https://debou.it
in chrome console I see this external javascript is loaded many ...
- 128
0
votes
0
answers
28
views
PHP Code optimisation - Best way to escape strings for SELECT queries to prevent javascript/XSS injection [duplicate]
I want to know if the way I'm escaping quotes is the best or if it can be enhanced.
Visitors can submit text which is stored in database and then displayed in another page. Simple enough. I use PDO ...
- 315
0
votes
1
answer
3k
views
Bypass HTML entities
Is there anyway to bypass input sanitization and do HTML injection.
It is an exercise from bWAPP.When I am trying to do HTMLi , input validation is checked and special characters are sanitized.The ...
0
votes
1
answer
2k
views
JavascriptExecutor SyntaxError: Unexpected identifier. Why?
Java
JavascriptExecutor js = (JavascriptExecutor) driver;
Boolean ready = (Boolean)js.executeScript("the below JavaScript");
JavaScript
var ready = false;
window.onload = function() {
ready = ...
- 606