当前位置: 首页 » javascript

How to set X

I am getting below alerts when we test our URL on ZAP tool: X-Frame - Options Header Not Set Web Browser XSS Protection Not Enabled X-Content-Type - Options Header Missing We have successfully set X-Frame-options and X-content type-options in REST and Servlet calls. But don't know how to set those in html and Javascripts? can anyone suggest the solution. The X-Frame-Options heade

2018-06-16 04:02:11

如何设置X

当我们在ZAP工具上测试我们的URL时,我得到了低于警报: X-Frame - 选项标题未设置 未启用Web浏览器XSS保护 X-Content-Type - 选项头缺失 我们已经在REST和Servlet调用中成功设置了X-Frame-options和X-content type-options。 但不知道如何在html和Javascripts中设置它们? 谁能提出解决方案。 X-Frame-Options标头添加在服务器端,而不是客户端。 这是因为标题用于控制浏览器如何呈现页面。 无论服务器托管您

2018-06-16 04:02:10

How do I make my CSS and JS files send HTTP response header

We did a penetration testing on a web app created in Laravel 4. One of the findings is "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'". The PHP code below sends the HTTP header for the sniffing issue, header('X-Content-Type-Options: nosniff'); Our second penetration testing showed the same findings for CSS and JS files. How do I get my CSS and

2018-06-16 04:01:09

如何让我的CSS和JS文件发送HTTP响应头

我们对在Laravel 4中创建的Web应用程序进行了渗透测试。其中一个发现是“Anti-MIME-Sniffing标题X-Content-Type-Options未设置为'nosniff'”。 下面的PHP代码为嗅探问题发送HTTP头, header('X-Content-Type-Options: nosniff'); 我们的第二次渗透测试显示了CSS和JS文件的相同结果。 我如何让我的CSS和JS文件发送相同的头文件? 或者有一种方法可以让我将所有需要的文件发送给HTTP头。 我已经检查了这个资源,https

2018-06-16 04:01:08

how do we check if this is a content script?

We develop extensions for Firefox. The script needs to know if it is a content script or a background script (sometimes the same script can be both a content script and a background script). We tried to do it with the following code: if (typeof exports === 'undefined') { // we're in a content script. } else { // we're in a background script. } But the problem is that typeof exports is

2018-06-16 03:36:18

我们如何检查这是否为内容脚本?

我们开发Firefox的扩展。 该脚本需要知道它是内容脚本还是后台脚本(有时相同的脚本可以是内容脚本和后台脚本)。 我们试着用下面的代码来做到这一点: if (typeof exports === 'undefined') { // we're in a content script. } else { // we're in a background script. } 但问题在于某些内容脚本中的typeof exports不是'undefined' 。 有没有更好的方法来知道我们在内容脚本中的时间? 编辑 :我有一个

2018-06-16 03:36:17

Firefox Extension util/match

I'm developing a browser extension for both Mozilla Firefox and Google Chrome. The extension provides functionality for Oracle APEX. Since is is supposed to run only on pages running Oracle APEX, I identify such pages with matching patterns in the subdirectory and parameters. This is easy for Chrome where I add this to my manifest.json "content_scripts": [{ "matches": ["*://*/*f?p=*", "

2018-06-16 03:35:16

Firefox扩展util / match

我正在为Mozilla Firefox和Google Chrome开发浏览器扩展。 该扩展提供了Oracle APEX的功能。 由于is只能在运行Oracle APEX的页面上运行,因此我在子目录和参数中标识具有匹配模式的页面。 对于我将这添加到我的manifest.json中的 Chrome来说,这很容易 "content_scripts": [{ "matches": ["*://*/*f?p=*", "*://*/*wwv_flow.accept*"], "js": ["content_script.js"], "run_at": "document_end" }] 但是,如果我尝试同

2018-06-16 03:35:16

How to send message from content script to panel?

I got some problems with the messaging among the main.js, page-mod's content script and panel's content script in my firefox addon.I transfer the chrome extension code to firefox addon. What is the order of these js files loaded? I try to figure out with console,but the log is refreshed. I have transfer the chrome specific API to firefox addon API,but I can't sure the other nativ

2018-06-16 03:34:14

如何从内容脚本发送消息到面板?

我的firefox插件中的main.js,page-mod的内容脚本和面板的内容脚本之间的消息传递存在一些问题。我将Chrome扩展代码传递给Firefox插件。 这些js文件的顺序是什么? 我试图找出与控制台,但日志刷新。 我已将Chrome特定的API传输到firefox插件API,但我不能确定其他本机消息js代码应该更改。现在,我将向您展示该示例。 在main.js : var pmworker = [] var pagemod = PageMod({ include: ['*'], contentScriptWhen:

2018-06-16 03:34:14

Relative image url in content script in Firefox Add

I'm currently developing a Firefox extension using Add-On SDK and bumped into a real problem. Basically my extension just injects a content script into a webpage like this: main.js var pageMod = require("page-mod"); var self = require("self"); pageMod.PageMod({ include: "http://mail.google.com/mail/*", contentScriptFile: [self.data.url("jquery.js"), self.data.ur

2018-06-16 03:33:12

Firefox添加内容脚本中的相对图像网址

我目前正在使用Add-On SDK开发Firefox扩展,并遇到了一个真正的问题。 基本上我的扩展只是将一个内容脚本注入到这样的网页中: main.js var pageMod = require("page-mod"); var self = require("self"); pageMod.PageMod({ include: "http://mail.google.com/mail/*", contentScriptFile: [self.data.url("jquery.js"), self.data.url("start.js")], attachTo : ["top"] }); start.js $('bod

2018-06-16 03:33:12

How to reference a file in the data directory of a Firefox extension?

I'm working on a Firefox extension and I need to inject a JavaScript into a page from a content script. In my Chrome extension I have done the following: this.initializeJplayerSupport = function() { var script = document.createElement('script'); script.setAttribute('type', 'application/javascript'); script.setAttribute('src', chrome.extension.getURL('js/custom-jplayer.js')); documen

2018-06-16 03:32:10

如何引用Firefox扩展的数据目录中的文件?

我正在开发Firefox扩展,我需要从内容脚本中将JavaScript注入页面。 在我的Chrome扩展程序中,我完成了以下操作: this.initializeJplayerSupport = function() { var script = document.createElement('script'); script.setAttribute('type', 'application/javascript'); script.setAttribute('src', chrome.extension.getURL('js/custom-jplayer.js')); document.head.appendChild(script); } 该文件在我的数据目

2018-06-16 03:32:10

A simple javascript/jQuery minifier in PHP

I want to compress my JS and jQuery code using the following method: <?php require_once(dirname(__FILE__).'/minifier.php'); header("Content-Type:application/x-javascript"); //here catching and gzip {...] //This file will be compressed. ob_start("minifier"); ?> ... here a lot of javascript code ... I've tried jsmin https://github.com/rgrove/jsmin-php/, but it's not maintained an

2018-06-16 03:14:37

PHP中的简单javascript / jQuery缩小器

我想用以下方法压缩我的JS和jQuery代码: <?php require_once(dirname(__FILE__).'/minifier.php'); header("Content-Type:application/x-javascript"); //here catching and gzip {...] //This file will be compressed. ob_start("minifier"); ?> ... here a lot of javascript code ... 我试过jsmin https://github.com/rgrove/jsmin-php/,但它不再被维护。 我更喜欢更容易的东西...任何帮助? 谢谢! 我一

2018-06-16 03:14:36

after combination javascript throws object is not a function error

I am trying to programmatically combine and minify all the javascript on client's pages using Assetic and JSMin. I believe it is a problem in the combination since the error is thrown when JSMin was turned off. I'm not really an expert in javascript, so I'm unsure where to start, even a vague answer can help me at this point... the error thrown: object is not a function. the fi

2018-06-16 03:13:35

组合后的JavaScript抛出对象不是函数错误

我试图以编程方式组合并使用Assetic和JSMin缩小客户端页面上的所有JavaScript。 我相信这是组合中的一个问题,因为当关闭JSMin时会引发错误。 我并不是真正的JavaScript专家,所以我不确定从哪里开始,即使是一个模糊的答案也可以帮助我。 抛出的错误: object is not a function. 这些文件按照它们包含的顺序进行组合,但在文档中有内嵌的JavaScript保持不变。 另外,如果有帮助,组合的JavaScript将成为第一件事 感

2018-06-16 03:13:35

Passing data to a bootstrap modal

I've got a couple of hyperlinks that each have an ID attached. When I click on this link, I want to open a modal ( http://twitter.github.com/bootstrap/javascript.html#modals ), and pass this ID to the modal. I searched on google, but I couldn't find anything that could help me. This is the code: <a data-toggle="modal" data-id="@book.Id" title="Add this item" class="open-AddBookDia

2018-06-16 03:11:31

将数据传递给引导模式

我有几个超链接,每个超链接都附有一个ID。 当我点击这个链接时,我想打开一个模式(http://twitter.github.com/bootstrap/javascript.html#modals),并将此ID传递给模式。 我在谷歌搜索,但我找不到任何可以帮助我。 这是代码: <a data-toggle="modal" data-id="@book.Id" title="Add this item" class="open-AddBookDialog"></a> 应该打开: <div class="modal hide" id="addBookDialog"> <d

2018-06-16 03:11:31