Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to prevent against Cross Site Script Inclusion (XSSI) attacks #158

Closed
3 tasks done
jeevatkm opened this issue Apr 5, 2018 · 1 comment
Closed
3 tasks done

Add support to prevent against Cross Site Script Inclusion (XSSI) attacks #158

jeevatkm opened this issue Apr 5, 2018 · 1 comment
Assignees
@jeevatkm
Labels
aah Framework scope feature
Projects
aah Roadmap
Milestone
v0.11.0 Milestone

Comments

@jeevatkm
Copy link
Member

jeevatkm commented Apr 5, 2018
edited

Goal is to prevent against Cross Site Script Inclusion (XSSI) attacks on JSON response payload aka JSON vulnerability.

XSSI attack is only successful if the returned JSON response is executable as JavaScript.

aah can add an option to prevent an attack by prefixing JSON response to make them non-executable.

Action Items:

  • Add method JSONSecure on Reply() builder
  • Make prefix configurable from aah.conf, default prefix value to )]}',\n
  • Add documentation
@jeevatkm jeevatkm added feature aah Framework scope labels Apr 5, 2018
@jeevatkm jeevatkm added this to Backlog in aah Roadmap Apr 5, 2018
@jeevatkm jeevatkm moved this from Backlog to v0.11.0 - Iteration in aah Roadmap Apr 5, 2018
@jeevatkm jeevatkm added this to the v0.11.0 Milestone milestone Apr 6, 2018
@jeevatkm jeevatkm moved this from v0.11.0 - Iteration to v0.11.0 - In Progress in aah Roadmap Apr 12, 2018
@jeevatkm jeevatkm self-assigned this Apr 13, 2018
jeevatkm added a commit that referenced this issue Apr 14, 2018
@jeevatkm
#158 Added support to prevent against Cross Site Script Inclusion (XS…
2773872 
…SI) attacks (#169)
jeevatkm added a commit to go-aah/docs that referenced this issue Apr 14, 2018
@jeevatkm
go-aah/aah#158 docs update
ad63f00
@jeevatkm
Copy link
Member Author

Done 😄

aah Roadmap automation moved this from v0.11.0 - In Progress to v0.11.0 - Completed Apr 14, 2018
jeevatkm added a commit to go-aah/tools that referenced this issue Apr 14, 2018
@jeevatkm
go-aah/aah#158 added secure json config
d87057a
jeevatkm added a commit to go-aah/app-templates that referenced this issue Jul 4, 2018
@jeevatkm
go-aah/aah#158 added secure json config
4e0667c
@jeevatkm jeevatkm moved this from v0.11.0 - Completed to Released to Audience in aah Roadmap Jul 7, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeevatkm jeevatkm

Labels
aah Framework scope feature
Projects
aah Roadmap
  
Released to Audience
Milestone
v0.11.0 Milestone
Development

No branches or pull requests
1 participant
@jeevatkm