[Dojo-interest] Interesting paper on HTML5 injection attacks

Rob Gillan rob at mosais.com
Mon Jun 30 21:38:59 EDT 2014


Hi all,

Interesting study on attacks and vulnerabilities of HTML5 mobile apps:

http://mostconf.org/2014/papers/s3p5.pdf

In our Cordova based app, we have the ability of scanning barcodes using a third party plugin.  On return from the plugin we put the value into the destination mobile textbox widget via .set('value', barcodereturnvalue).  We've had a bit of a dig through the source but was wondering if anyone could comment on whether code embedded in the 2d barcode could ever be executed with the attribute setting approach (rather than just adding it to the DOM).

Thanks
Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.dojotoolkit.org/pipermail/dojo-interest/attachments/20140701/d3e1fc05/attachment.htm 


More information about the Dojo-interest mailing list