
1

Tuesday, February 25th 2014, 3:48am

Risks of DOM Based XSS due to "unsafe" JavaScript functions (krpano js)

Hi,
The krpano (HTML5 version) JS files are packaged encrypted. If you scan them with IBM's AppScan scanning tool, you will find high-risk vulnerabilities.
I think it is some JS file syntax problems, such as eval().
For example: [1 of 2] DOM Based Cross-Site Scripting
Severity: High
Link address: http://blog.csnc.ch/2013/01/dom-based-xs…ript-functions/
I hope you can help me.
Thanks

2

Tuesday, February 25th 2014, 4:44pm

Hi,

Sorry, but that page is nonsense.
Eval or innerHTML aren't automatically bad.

When all external parameters and interfaces in krpano are disabled, then there is no way to inject any custom code. Please explore the krpano Protect Tool for details.

Best regards,
Klaus
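
An added illustration, not part of the thread and not krpano's code: whether an `innerHTML`-style sink is reachable by injected markup depends on whether external input (here, URL query parameters) can flow into it. All names (`collectSettings`, `titleMarkup`, `allowExternal`, the sample URL) are hypothetical and the input is constructed.

```javascript
// Added illustration; hypothetical names, not krpano's code or API.
// Settings embedded by the page author (trusted source).
const EMBEDDED = { title: "Lobby tour", startscene: "scene1" };

// Source: merge URL query parameters into the settings only when the
// embedder allows external parameters, and then only allowlisted keys.
function collectSettings(pageUrl, { allowExternal = false, allowlist = [] } = {}) {
  const settings = { ...EMBEDDED };
  if (!allowExternal) return settings; // source closed: the URL is ignored
  const params = new URL(pageUrl).searchParams;
  for (const [key, value] of params) {
    if (allowlist.includes(key)) settings[key] = value;
  }
  return settings;
}

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Sink: builds the string a caller would assign to element.innerHTML.
function titleMarkup(settings, { escape = true } = {}) {
  const title = escape ? escapeHtml(settings.title) : settings.title;
  return `<h1>${title}</h1>`;
}

// Constructed sample URL carrying markup in a query parameter.
const SAMPLE_URL =
  "https://viewer.example/tour.html?title=%3Cb%3Einjected%3C%2Fb%3E&debug=1";

function demo() {
  const closed = collectSettings(SAMPLE_URL);
  const open = collectSettings(SAMPLE_URL, { allowExternal: true, allowlist: ["title"] });
  return {
    closedRaw: titleMarkup(closed, { escape: false }), // URL never reaches the sink
    openRaw: titleMarkup(open, { escape: false }),     // URL markup reaches the sink
    openEscaped: titleMarkup(open),                    // same input, encoded at the sink
    debugAccepted: "debug" in open,                    // non-allowlisted key is dropped
  };
}

console.log(demo());
```

A scanner that flags the sink alone cannot tell the first case from the second; reviewing a finding like the one quoted above means tracing which inputs can actually reach the flagged call.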