OWASP Podcast #17, an interview with Robert Hansen, is now live! Robert achieved fame and glory in the early wild west days of web application security working for e-bay. He's also the brain behind the Google-approved security blog, http://ha.ckers.org .
Thursday, April 23, 2009
Thursday, April 9, 2009
OWASP Podcast #16 - Interview with Dave Aitel
The first rule of Fight Club is: you do not talk about Fight Club.
OWASP Podcast #16, an interview with Dave Aitel, covers a wide variety of topics. Dave started working as a security researcher for the NSA at the age of 18 and has no shortage of experience to pull from in this interview.
To listen to OWASP Podcast #16, you can download the mp3 file directly, subscribe to the RSS feed or subscribe directly through iTunes!
OWASP Podcast #16, an interview with Dave Aitel, covers a wide variety of topics. Dave started working as a security researcher for the NSA at the age of 18 and has no shortage of experience to pull from in this interview.
To listen to OWASP Podcast #16, you can download the mp3 file directly, subscribe to the RSS feed or subscribe directly through iTunes!
Tuesday, April 7, 2009
Form input names with reserved words and JQuery
When you have an HTML form that contains an input field with the name of "action" or "submit" - submitting a form via javascript becomes problematic.
Normally, Jquery users would simply call $("#formid").submit() after referencing a form. However, if your form contains an input field named "submit" (like <input name="submit">) then $("#formid").submit() does not submit the form.
This is my workaround - essentially programatically clicking the submit button, instead of programatically submitting the form.
<html>
<head>
<script src="jquery-1.3.2.js"></script>
<script>
$(document).ready(function() {
alert('action=' + $("#formid").attr("action"));
alert('try to submit');
$("#sneaky").click();
});
</script>
</head>
<body>
<form action="http://www.testdomain.net/actionworksok" id="formid">
<input type=submit name=testname id=sneaky>
<input name=action value=test1>
<input name=submit value=test2>
</form>
</body>
</html>
Normally, Jquery users would simply call $("#formid").submit() after referencing a form. However, if your form contains an input field named "submit" (like <input name="submit">) then $("#formid").submit() does not submit the form.
This is my workaround - essentially programatically clicking the submit button, instead of programatically submitting the form.
<html>
<head>
<script src="jquery-1.3.2.js"></script>
<script>
$(document).ready(function() {
alert('action=' + $("#formid").attr("action"));
alert('try to submit');
$("#sneaky").click();
});
</script>
</head>
<body>
<form action="http://www.testdomain.net/actionworksok" id="formid">
<input type=submit name=testname id=sneaky>
<input name=action value=test1>
<input name=submit value=test2>
</form>
</body>
</html>
Monday, April 6, 2009
OWASP Podcast #15 - Interview with Brian Chess
Brian Chess talks about the Building Security In Maturity Model and software maturity models in general.
To listen to OWASP Podcast #15, you can download the mp3 file directly, subscribe to the RSS feed or subscribe directly through iTunes!
To listen to OWASP Podcast #15, you can download the mp3 file directly, subscribe to the RSS feed or subscribe directly through iTunes!
Subscribe to:
Posts (Atom)