Search found 3 matches
- Thu Mar 21, 2024 11:36 pm
- Forum: NoScript Development
- Topic: Proposal to default-allow Server-Side Rendering frameworks' client helper libraries
- Replies: 4
- Views: 1034
Re: Proposal to default-allow Server-Side Rendering frameworks' client helper libraries
Took a quick look into htmx and Phoenix LiveView, and their events support seems enough to perform clickjacking attacks that would not be possible on truly scriptless pages. Can you outline how this attack would work? I can't visualize a clickjacking attack that would be enabled by one of these fra...
- Thu Mar 21, 2024 6:56 pm
- Forum: NoScript Development
- Topic: Proposal to default-allow Server-Side Rendering frameworks' client helper libraries
- Replies: 4
- Views: 1034
Re: Proposal to default-allow Server-Side Rendering frameworks' client helper libraries
possible CSRF Fine, then make an additional restriction that for a script to be considered a candidate for being evaluated as a "well-known script", it needs to be same-origin to the site loading it. The script being same-origin would normally obviate the need for a script integrity attri...
- Thu Mar 21, 2024 5:56 pm
- Forum: NoScript Development
- Topic: Proposal to default-allow Server-Side Rendering frameworks' client helper libraries
- Replies: 4
- Views: 1034
Proposal to default-allow Server-Side Rendering frameworks' client helper libraries
The Server-Side Rendering client helper libraries I'm talking about: htmx, Phoenix LiveView, Hotwire. These small, self-contained JavaScript libraries are delivered by Server-Side Rendered web frameworks, and exist for the purpose of avoiding a JavaScript "fat client." They are not user-custo...