Preventing javascript injection from navigation bar
I was playing with cookies and things until I noticed a website that says you can easily set a cookie through the navigation bar with one simple code:
javascript: document.cookie="SESSID=IDOFSESSIONHERE;path=/"
By doing this I can log in to one computer, copy cookie data to another computer and set the same cookie through this code; after the update I was logged in with the same user.
(Just on a simple webpage I did myself.)
This seems like a security issue to me. I mean, of course they need to get the cookie data first, but without that, I think you could do a lot of damage with javascript: from cookies.
Is there a way to prevent javascript: in the navigation bar from being used?
You cannot disable JavaScript in the navigation bar. I could visit your site and use the Internet Explorer Debug Tool, Chrome Debug Tool, or FireBug to run JavaScript code on your page.
Since JavaScript runs on the visitor's local computer, you have no control over it. Only the visitor controls which cookies are stored in the browser.
What you need to do is perform server-side security measures. But yes, all session-cookie-dependent authentication processes will have the security issue you explain.
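One possible shape for the server-side measures the answer mentions, as an added example that is not code from the question or the answer. The function names, the in-memory store, the 15-minute idle timeout and the User-Agent binding are all assumptions made for the illustration.

```javascript
// Added example: server-side session handling (all names are hypothetical).
const crypto = require('crypto');

const IDLE_TIMEOUT_MS = 15 * 60 * 1000; // assumed policy: 15 minutes idle
const sessions = new Map();             // in-memory store: session ID -> record

// Hash of the request properties the session is bound to. User-Agent is only
// a heuristic: a copied cookie sent with the same header value still passes.
function clientBinding(req) {
  return crypto.createHash('sha256').update(req.userAgent || '').digest('hex');
}

// Called after a successful login; returns the Set-Cookie header value.
function createSession(user, req, now = Date.now()) {
  const id = crypto.randomBytes(32).toString('hex'); // unguessable 256-bit ID
  sessions.set(id, { user, binding: clientBinding(req), lastSeen: now });
  // HttpOnly: page scripts cannot read the value. Secure: sent over HTTPS only.
  // SameSite=Lax: not attached to cross-site subrequests.
  return `SESSID=${id}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Called on every request; returns the user name, or null if not authenticated.
function validateSession(cookieHeader, req, now = Date.now()) {
  const m = /(?:^|;\s*)SESSID=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  const rec = m && sessions.get(m[1]);
  if (!rec) return null; // malformed value or ID the server never issued
  const expired = now - rec.lastSeen > IDLE_TIMEOUT_MS;
  const moved = rec.binding !== clientBinding(req);
  if (expired || moved) {
    sessions.delete(m[1]); // revoke on the server, whatever the browser holds
    return null;
  }
  rec.lastSeen = now;
  return rec.user;
}

// Logout: the ID becomes useless on every machine it was copied to.
function destroySession(id) {
  return sessions.delete(id);
}
```

The server still cannot stop a visitor from setting a cookie in their own browser; these checks only limit how easily the value is obtained and how long a copy of it stays valid.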