XSS Prevention Script Upgrade

Discussion in 'JavaScript and AJAX' started by akshits, Sep 26, 2009.

    akshits New Member

    Hello,

    I made a script to prevent XSS attacks on my website. This will be run in the IFrame automatically. The JScript code is:

    Code:
    
    // Secure page for XSS attacks
    // IFrame XSS Prevention
    // This will be injected into the page of the IFrame, and this function shall run in a timer!
    
    (function() {
    
    // Delete all known functions to use
    
    var AJAX = function() { }; // Delete any known function for AJAX
    var Ajax = function() { }; // Delete any known function for AJAX
    var XMLHttpRequest = function() { }; // Delete any known function for AJAX
    var alert = function() { return(false); }; // Delete any known function to bug user
    
    // Delete all known prototypes
    
    window.prototype.open = function() { }; // Delete any known function for opening obstructive windows
    window.prototype.parent = null; // Delete any known way to connect to the parent
    document.prototype.createElement = function() { }; // Delete any known function for creating any elements
    document.prototype.getElementById = function(x) { return(false); }; // Delete any known function for connecting to any element
    window.prototype.frames = null; // Delete any known function for connection to any frames
    document.prototype.location = function() { }; // Delete any known function for location changing
    window.prototype.location = function() { }; // Delete any known function for location changing
    
    // Set new functions
    
    function $() { };
    
    })();
    
    
    I doubt this code will run! Especially the window.prototype.*** and the document.prototype.***. Please help me make the script a success!

    Thanks,
    Akshit Soota
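
Why the posted guard has no effect, shown as an added example that is not part of the original post. A Node.js `vm` context stands in for the iframe's global object; the `newFrame` helper, the stand-in `alert` and the `reached` flag are constructed for illustration.

```javascript
// Added illustration, not the poster's code. Runs under Node.js.
// A node:vm context stands in for the iframe's global object; `alert`,
// `window` and the `reached` flag are constructed stand-ins.
const vm = require('node:vm');

function newFrame() {
  const calls = [];
  const frame = vm.createContext({
    alert: (msg) => { calls.push(msg); return true; },
  });
  vm.runInContext('var window = this;', frame);
  return { frame, calls };
}

// 1. `var alert` inside the wrapper function is a local variable. A later
//    script in the same frame still resolves the untouched global alert.
function shadowingReachesOtherScripts() {
  const { frame, calls } = newFrame();
  vm.runInContext(
    '(function () { var alert = function () { return false; }; })();', frame);
  vm.runInContext('alert("still reachable");', frame);
  return calls.length === 1;
}

// 2. `window` is an instance, so `window.prototype` is undefined. The first
//    assignment throws and every statement after it is skipped.
function prototypeAssignment() {
  const { frame } = newFrame();
  let error = null;
  try {
    vm.runInContext(
      'window.prototype.open = function () {}; window.reached = true;', frame);
  } catch (e) {
    error = e.name; // compare by name: the error comes from another realm
  }
  return { error, reached: frame.reached === true };
}

// 3. Assigning on the global object itself is what replaces the function
//    for later scripts in that frame.
function globalAssignmentReplaces() {
  const { frame, calls } = newFrame();
  vm.runInContext('window.alert = function () { return false; };', frame);
  vm.runInContext('alert("suppressed");', frame);
  return calls.length === 0;
}
```

Even the working form in case 3 runs in the same global scope as the content it is meant to restrain, so restriction is more reliably enforced by the browser, for example with the iframe `sandbox` attribute or a Content-Security-Policy.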
     
