Solved

Assess if JavaScript has insecure coding issue

Posted on 2016-08-12
Last Modified: 2016-08-15
Refer to the attached text file, which has JavaScript from our vendor, who will be doing tagging on our website pages.

Also refer to another article id 28961487 in EE for background:
https://www.experts-exchange.com/questions/28961487/Mitigations-for-tagging-aggregator-sites-to-our-site.html

Q1:
Do the few lines of JavaScript pose a security concern other than capturing potential customers' personal data (this is OK, but not capturing more than that)?

Q2:
Does the JavaScript code violate any OWASP Top 10 secure coding practices?
AggregatorMkg_JavaTag.txt
Question by:sunhux
Accepted Solution

by:
Julian Hansen earned 500 total points
ID: 41753775
I don't see any issues with the script. All it does is create a random number which it inserts into the URL that is used in a dynamically created <iframe>. No other information appears to be passed in the src other than the hardcoded variables and the random number.
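
The property the answer relies on (the iframe `src` carries only hardcoded variables plus a random number) can be checked mechanically against the URLs a tag actually produces. The following is an added example, not part of the original thread or the vendor's script; the host `tags.vendor.example`, the parameter names (`src`, `type`, `cat`, `ord`) and their values are hypothetical placeholders.

```javascript
// Added example. The host, parameter names and values are constructed
// placeholders; the vendor's real script is not reproduced on this page.
const EXPECTED = {
  host: "tags.vendor.example",
  fixed: new Map([["src", "12345"], ["type", "sales"], ["cat", "landing"]]),
  randomParam: "ord", // carries the random number
};

// Value shapes that suggest visitor or page data rather than a constant.
const LEAKS = [
  ["email address", /[^\s@]+@[^\s@]+\.[a-z]{2,}/i],
  ["URL", /^(https?:)?\/\//i],
  ["cookie-style pair", /\w+=\w+/],
];

function auditIframeSrc(src, expected = EXPECTED) {
  let url;
  try { url = new URL(src); } catch (e) { return ["src is not an absolute URL"]; }
  const findings = [];
  if (url.protocol !== "https:") findings.push("scheme is not https");
  if (url.hostname !== expected.host) findings.push("unexpected host " + url.hostname);
  const seen = new Set();
  for (const [name, value] of url.searchParams) {
    if (seen.has(name)) findings.push("duplicate parameter " + name);
    seen.add(name);
    if (name === expected.randomParam) {
      if (!/^\d+(\.\d+)?$/.test(value)) findings.push(name + " is not a plain number");
    } else if (expected.fixed.has(name)) {
      if (value !== expected.fixed.get(name)) findings.push(name + " is not the hardcoded value");
    } else {
      const hit = LEAKS.find(([, re]) => re.test(value));
      findings.push("unexpected parameter " + name + (hit ? " (looks like " + hit[0] + ")" : ""));
    }
  }
  for (const name of expected.fixed.keys()) {
    if (!seen.has(name)) findings.push("missing hardcoded parameter " + name);
  }
  return findings;
}

// Constructed samples: the URL shape the answer describes, and a variant
// that also sends the visitor's page URL.
const okSrc = "https://tags.vendor.example/activity?src=12345&type=sales&cat=landing&ord=" +
  Math.floor(Math.random() * 1e13);
const leakySrc = okSrc + "&ref=" +
  encodeURIComponent("https://shop.example/account?email=a@b.example");

console.log(auditIframeSrc(okSrc));
console.log(auditIframeSrc(leakySrc));
```

An empty result means the URL matches the expected shape. In a browser, the values to audit can be read from the `src` of each element returned by `document.querySelectorAll("iframe")` after the tag has run.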