Have you ever encountered a website that runs jQuery(location.hash)? Seemingly pretty harmless, right? location.hash always starts with a "#" so all this code does is execute a CSS query selector. It turns out that's enough to perform a timing attack that can extract almost any secret string from the HTML.

Let's start with the basics. A CSS selector is used to match and select HTML elements and lo