I could be wrong about this question or idea. XSS can be an issue when utilizing payment links within a website. I gather the link could be malicious and send payment info to someone other than you'd wish. Would element properties 8 assist in determining the link itself?
Element Properties 8
My understanding is element properties will reveal the destination URL via context menu.
xss and element properties 8
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Re: xss and element properties 8
Looks like that feature is built into SeaMonkey, so I've played with it a bit, and yes it reveals a link's href but you can't always tell if a URL is malicious just by looking at it.
Also, since you're probably allowing JS on the pages you're using to submit the payment/info, it's possible for links to change their destination URL or load additional (malicious) pages only when you're clicking on them, and "Properties" doesn't help you determine whether that will happen.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0 SeaMonkey/2.27a1
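An added example (not part of any poster's message) of the point in the reply above: the href that "Properties" shows can differ from the href in place after the page's click handlers have run. `FakeLink`, `auditLink`, `makeSampleLinks` and the `.example` URLs are assumptions constructed for this sketch; `FakeLink` stands in for a real anchor element so the code runs outside a browser.

```javascript
// Constructed stand-in for an <a> element so this runs outside a browser.
// EventTarget, Event and URL are the same standard APIs a real page uses.
class FakeLink extends EventTarget {
  constructor(href) {
    super();
    this.href = href;
  }
}

// Compare the href that "Properties" would show with the href in place once
// the page's own click handlers have run.
function auditLink(link) {
  const inspected = link.href;
  let atClick = inspected;
  // Added last, so it fires after handlers the page registered earlier.
  const probe = (ev) => {
    ev.preventDefault(); // in a browser this stops the audit from navigating
    atClick = link.href;
  };
  link.addEventListener('click', probe);
  link.dispatchEvent(new Event('click', { cancelable: true }));
  link.removeEventListener('click', probe);
  return {
    inspected,
    atClick,
    changed: inspected !== atClick,
    originChanged: new URL(inspected).origin !== new URL(atClick).origin,
  };
}

// Constructed sample links; the .example hosts are placeholders.
function makeSampleLinks() {
  const fixed = new FakeLink('https://payments.example/checkout');
  const rewritten = new FakeLink('https://payments.example/checkout');
  rewritten.addEventListener('click', () => {
    rewritten.href = 'https://collector.example/checkout';
  });
  return { fixed, rewritten };
}

const sample = makeSampleLinks();
console.log(auditLink(sample.fixed));
console.log(auditLink(sample.rewritten));
```

A synthetic click has `isTrusted` set to false, so a handler can tell it apart from a real one; an unchanged result here does not show that the link is safe.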
Re: xss and element properties 8
Firefox has element inspectors built-in too.
I'm not sure what kind of page flow you're describing here, but if you're worried about a shop sending payment info to someone other than e.g. PayPal, then XSS is not the issue. That's a simple matter of whether you trust the person you're doing business with.
The situation where you need to worry about XSS is when you're logged into a sensitive site, like Amazon, and then some other site you visit, perhaps completely unrelated, is able to send a request that will cause their own JavaScript to run on Amazon, thus allowing them to make you buy the attacker's products, etc.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0