Rahul Jaisinghani

3 posts published

📍 Mumbai
https://www.linkedin.com/in/rahul-jaisinghani/
Beware of Cross-site scripting (XSS) in Django Templates
Web Security

1. Django Templates support automatic HTML escaping. 2. Caveats in Django Templates leading to Cross-site scripting (XSS): 2.1 Safe filter, 2.2 Unquoted payload, 2.3 autoescape off, 2.4 Variable in script tag

Rahul Jaisinghani May 1, 2022 • 3 min read
How to protect your cookie from getting accessed by malicious client scripts using HttpOnly
Web Security

A cookie can be accessed through JavaScript if it does not have the HttpOnly attribute set. An attacker who managed to perform XSS or run a client-side script is able to access the cookie if it does not have the HttpOnly flag set. A cookie with the HttpOnly flag set is inaccessible

Rahul Jaisinghani Dec 27, 2021 • 1 min read
How to implement and test your Content Security Policy (CSP)
Web Security

> Never let the browser blindly trust any source of the content received from the server. Allowing all data sources in a web application can lead to the execution of malicious scripts. Hence it is important to add an additional defence layer to mitigate and detect XSS, clickjacking and other code injection attacks

Rahul Jaisinghani Dec 26, 2021 • 1 min read
The TLDR Tech © 2022