security - Does Firefox Scratchpad's JavaScript code have more privileges than a standard website's JavaScript code?


I've copy-pasted and run through Scratchpad some code from the source code of a website.

I want to know if the code has more privileges when it runs through the Scratchpad of Firefox, or if it has the same privileges as when it runs directly through the webpage.

Before pasting into Scratchpad, Firefox alerts with this message:

Scam Warning: Take care when pasting things you don't understand.
This could allow attackers to steal your identity or take control of your computer.


I know there are JavaScript exploits that run through a website, but...

The message from Firefox seems to say something like:

"The JavaScript in Scratchpad has more privileges than the JavaScript of a webpage, and attackers can steal things without exploits, with standard code."


Is this true?

Can the same code act differently on a website and in Scratchpad in terms of security?

Or, when it's included inside the HTML, are there safety measures that JavaScript inside a website has?

Why does Firefox show this alert on Scratchpad, when the same can be done anyway by visiting a malicious webpage (a potential JavaScript attack)?

By default, code running in Scratchpad can do anything that JavaScript on the web site you're looking at can do, no more and no less. That means it can access your data on that site, and possibly send it somewhere else without telling you, or it can take actions pretending to be you on that site. The message you're seeing is a warning for unwary users who are not coders, to keep them from pasting malicious code that might do any of those things into Scratchpad because someone told them to, because they won't be able to tell that the code is malicious. If you go to Facebook and look at the browser console, you'll see a similar warning explaining the same thing, because this is a common type of social engineering attack.

Now, I said "by default" earlier, so let me explain what I meant. It's possible to change Scratchpad from "content" mode to "browser" mode. To do that, you have to enable an option in the developer tools settings (it's called "Enable browser chrome and add-on debugging toolboxes"), and then switch Scratchpad to browser mode using the Environment menu. If you do those things, Scratchpad can do anything that the browser itself, not just a particular web site, can do. Scratchpad running in that mode does have more permissions than a web page does; it can do anything a native application could. Content mode is the default mode, and it has the same permission set that web pages do.
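
The answer mentions that sites such as Facebook print a similar warning in the browser console. The sketch below shows how a site could print such a warning from its own script. It is an added example, not code from the original post, Facebook or Firefox, and the function names, styles and wording are hypothetical.

```javascript
// Added example: site-side self-XSS warning for the developer console.
// buildSelfXssWarning and showSelfXssWarning are hypothetical names.

const HEADLINE_STYLE = "color:red;font-size:40px;font-weight:bold";
const BODY_STYLE = "font-size:16px";

// Returns the argument list for console.log. The site name is passed as a
// %s argument instead of being concatenated into the format string, so a
// name containing "%c" or "%s" cannot consume or shift the style arguments.
function buildSelfXssWarning(siteName) {
  const format =
    "%cStop!%c\n" +
    "Code pasted here runs with the same privileges as %s's own scripts.\n" +
    "It can read your data on this site and act as you. " +
    "If someone told you to paste something here, do not.";
  return [format, HEADLINE_STYLE, BODY_STYLE, String(siteName)];
}

// Print at most once per page load; `out` is any console-like object.
let shown = false;
function showSelfXssWarning(out, siteName) {
  if (shown) return false;
  shown = true;
  out.log(...buildSelfXssWarning(siteName));
  return true;
}

// In a browser, show the warning as soon as the script loads.
if (typeof window !== "undefined") {
  showSelfXssWarning(console, window.location.hostname);
}
```

The warning only informs the user; pasted code still runs with the page's privileges in content mode, exactly as the answer describes.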

