Security/Reviews/Gaia/costcontrol: Difference between revisions

Line 71: Line 71:
     ~/work/code/gaia/apps/costcontrol/js/view_manager.js:111 - panel.innerHTML = panel.childNodes[i].nodeValue;
     ~/work/code/gaia/apps/costcontrol/js/view_manager.js:111 - panel.innerHTML = panel.childNodes[i].nodeValue;
         -grabbing static HTML defined in a comment block inside index.html
         -grabbing static HTML defined in a comment block inside index.html
    ~/work/code/gaia/apps/costcontrol/js/settings/settings.js:131 - src.innerHTML = xhr.responseText;
        -> XHR is fetching /debug.html which has no variable data


     ~/work/code/B2G/gaia/apps/costcontrol/js/view_manager.js:138 - var script = document.createElement('script');
     ~/work/code/B2G/gaia/apps/costcontrol/js/view_manager.js:138 - var script = document.createElement('script');
         - Used to activate scripts
         - Used to activate scripts
         - grabs a bunch of scripts (from where?) and then builds script tags with the sources.
         - grabs a bunch of scripts (from where?) and then builds script tags with the sources.
             - can we contaminate the name of a script file defined in the src to something malicious
             - can we contaminate the name of a script file defined in the src to something maliciou
 
    ~/work/code/gaia/apps/costcontrol/js/settings/settings.js:131 - src.innerHTML = xhr.responseText;
        -> XHR is fetching /debug.html which has no variable data


====2. Secure Communications ====
====2. Secure Communications ====
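Review bot: The relocated settings.js:131 entry now sits after the view_manager.js:138 script-tag entry, which separates it from the other innerHTML finding at view_manager.js:111; keeping the two innerHTML sinks adjacent would make the list easier to audit. The entry also concludes that /debug.html "has no variable data" without recording that the XHR target itself is a fixed path, so it is worth adding a line that says so. The neighbouring view_manager.js:138 entry still carries the open "(from where?)" question about script sources, and that should be answered in the same pass before this section is treated as complete.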