Commit d190a84

committed

feat(snippet): Added a simple security snippet

1 parent d2f5eed commit d190a84Copy full SHA for d190a84

File tree

+15

-0

lines changed

+15

-0

lines changed

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,11 @@ Note: code snippets do NOT have access to the full console API, for example no a`
`31`	`31`
`32`	`32`	`## Snippets`
`33`	`33`
	`34`	`+### Security`
	`35`	`+`
	`36`	`+* [test-script-injection.js](test-script-injection.js) - tries to create a new`
	`37`	`+ inline script tag to test if page allows it.`
	`38`	`+`
`34`	`39`	`### DOM and CPU generic performance`
`35`	`40`
`36`	`41`	`* [boilerplate.js](boilerplate.js) - boilerplate for loading and running a remote code script`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,10 @@`
	`1`	`+/*`
	`2`	`+ This code snippet checks if the page allows creating`
	`3`	`+ and executing new inline scripts (script-injection attacks)`
	`4`	`+ See https://github.com/bahmutov/disable-inline-javascript-tutorial`
	`5`	`+*/`
	`6`	`+(function testScriptInjection() {`
	`7`	`+ var el = document.createElement('script');`
	`8`	`+ el.innerText = 'alert("hi there")';`
	`9`	`+ document.body.appendChild(el); // runs the code by default`
	`10`	`+}());`

Comments

(0)