In the demo below, we can see that the web app fails to load when the name variable is set to “Bob”. Fortunately, we can easily fix this issue by checking if the value of the name variable exists in the database. By default, the name variable is set to “Bob” in our demo app. This means that when the app is served, it will not load when the user types “Bob” into the input field on the homepage. We can easily fix this issue by checking if the value of the variable “name” exists in the database. The code below will ensure that the web app loads when the name variable is set to “John”. script> if(!isset($('#name').val()) || $('#name').val() != 'John' || !isset($('#name').val()) || !$('#name').val() ) { alert('Please set your name to "John"'); } /script>
How to protect sensitive data with a restrictive API
In the demo below, we can see that the web app fails to load when the name variable is set to “Bob”. Fortunately, we can easily fix this issue by checking if the value of the name variable exists in the database. By default, the name variable is set to “Bob” in our demo app. This means that when the app is served, it will not load when the user types “Bob” into the input field on the homepage. We can easily fix this issue by checking if the value of the variable “name” exists in the database. The code below will ensure that the web app loads when the name variable is set to “John”. script> if(!isset($('#name').val()) || $('#name').val() != 'John' || !isset($('#name').val()) || !$('#name').val() ) { alert('Please set your name to "John"'); } /script>
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/14/2022 01:08:00 UTC
References
- https://github.com/beautify-web/js-beautify/blob/6fa891e982cc3d615eed9a1a20a4fc50721bff16/js/src/core/options.js#L167
- https://github.com/beautify-web/js-beautify/issues/2106
- https://github.com/beautify-web/js-beautify/blob/6fa891e982cc3d615eed9a1a20a4fc50721bff16/js/src/core/options.js#L167.aa
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37609