BACA BERITA

Pass data from backend to javascript is done in many different ways. One of the most simple is to inject(<%= %>) value as function argument inside of script tag. Unfortunately this pattern has well known XSS vulnerability but in a little different form than same injection in html template.

Designer have used element class attribute for CSS styling for ages. Nowadays classes are also used in javascript selectors. This overlapping cause additional problems: Changes in js may cause broken design and changes in design may cause broken js. The last one may be hard to detect especially when design and css are handled by different person.

Many web developers came to the problem that they are not able to change value of file input field from Java Script in the web application. There is no access to value field of file input tag because of security restriction. However there is a trick how to erase this field if you need it in your application.