I am building a website in which I have included third part weather html widget, the widget looks from reliable source and is trusted over web. This widget is in the form of link and a small javascript tags which are then rendered once loaded.
I wanted to know how safe will my site data will be once I load this or other widgets, will they be able to sniff my site data including cookies, html,css etc.
CodePudding user response:
When you use 3rd party JavaScript on your site, you have to trust them. You are, in effect giving them permissions to run whatever code they want in your site. That code could:
- Read cookies that are not set as HTTP only
- Access all the data on the page
- Call JavaScript APIs from your server that would not normally be accessible to 3rd parties
- Change anything on they page
- Send any data they find back to the 3rd party (or any other party)
These ability could potentially be abused for any number of nefarious purposes such as stealing your data, redirecting your users, or tracking your users.
Here is a related article that goes into more detail: Jeremiah Grossman: Third-Party Web Widget Security FAQ
CodePudding user response:
Cookies you can't copy because they work only for domain if u change domain the browser begin new cookies . Html and js it is very easy to copy the is few option to do this:
- httrack
- use view source and more option...