Bugtraq mailing list archives
Re: HACKING WITH JAVASCRIPT
From: Jim Halfpenny <jim () openanswers co uk>
Date: Fri, 11 Feb 2005 12:56:26 +0000 (GMT)
On Wed, 9 Feb 2005, hictor ertd wrote:
1. Bypassing Required Fields Surely you have met a webpage that requires you to fill all fields in a form in order to submit it. It is possible to bypass these types of...<--SNIP-->
Why subvert the form at all? If a HTML form contains JavaScript to check the fields entered, it is trivial to craft your own form or HTTP request to send arbitrary data to the server. Trying to get around JavaScript checks to accomplish this just serves to make the task more difficult. JavaScript really ought only to be used in this fashion to sanity check form content and not as a security device. This paper does raise the issue of the fundamental flaw in the trust some people put into client-side validation. Jim Halfpenny
Current thread:
- HACKING WITH JAVASCRIPT hictor ertd (Feb 10)
- Re: HACKING WITH JAVASCRIPT Cleiton Martins (Feb 11)
- Re: HACKING WITH JAVASCRIPT Jim Halfpenny (Feb 11)