Screencastify chrome exteionns

broken image
broken image

To make that happen, the attacker would still need to trick the victim into clicking on this button. for Google: Web giant talks up 40 new Chromebook models, school-focused ChromeOS So, if the query string parameter is something like javascript:alert(document.domain), will clicking this button run JavaScript code in the context of the domain? It sure will!'

broken image

'Is there some link validation in between? Nope.

broken image

'It’s a query string parameter,' Palant explains in his post. The page contained a “View on Classroom” button that sent the user to Google Classroom using this code: window.open(urseworkLink) Palant found an XSS bug on an error page that gets presented when a user tries to submit a video after already submitting one for an assignment.

broken image

 

PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save