Azrael Azrael - 18 days ago 5
Javascript Question

Preventing JavaScript injections from the navigation bar

I was playing around with cookies and stuff, until I noticed a website saying that you can easily set cookies via the navigation bar with one simple code:

javascript: document.cookie="SESSID=IDOFSESSIONHERE;path=/"


While doing this, I could log in on one computer, copy the cookie data to another computer, and set the same cookie via this code; after a refresh I was logged in as the same user.

(just on a simple webpage I made myself)

This seems like a security issue to me. I mean, of course they would first need to get the cookie data, but without that, I imagine that you could do a lot of damage with the javascript: aside from the cookies.

Is there any way to prevent the usage of javascript: from the navigation bar?

Answer

The user is the security issue, not JavaScript. The user gave you the session id - i.e. do you give out your keys/passwords to others? If you do, what can the site do? Send around a bloke to look over your shoulder all the time?
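
The behaviour described in the question, seen from the server side, as an added example that is not part of the original thread: a session id is a bearer token, so a lookup by SESSID alone accepts a copied cookie, while a lookup bound to a client attribute revokes the session on mismatch. The store, the function names and the User-Agent strings are hypothetical; only the SESSID cookie name comes from the question.

```javascript
// Added example: in-memory session store. All names except SESSID are hypothetical.
// randomUUID() exists on both node:crypto and the browser's global crypto object.
const cryptoApi = typeof require === 'function' ? require('node:crypto') : globalThis.crypto;

const sessions = new Map(); // session id -> { user, userAgent }

// Log a user in: issue an unguessable id and remember which client received it.
function login(user, userAgent) {
  const id = cryptoApi.randomUUID();
  sessions.set(id, { user, userAgent });
  return id;
}

// Set-Cookie value for the session. HttpOnly keeps page script from reading the
// value through document.cookie; Secure keeps it off plain-HTTP requests.
function sessionCookie(id) {
  return `SESSID=${id}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Pull SESSID out of a Cookie request header.
function parseSessid(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'SESSID') return rest.join('=');
  }
  return null;
}

// Bearer-style lookup: whoever presents the id is treated as the user.
// This is what made the copied cookie work on the second computer.
function lookupNaive(cookieHeader) {
  const s = sessions.get(parseSessid(cookieHeader));
  return s ? s.user : null;
}

// Bound lookup: the id must arrive from the client it was issued to.
// User-Agent is client-controlled, so this only raises the bar; the
// useful part is that a mismatch revokes the session server-side.
function lookupBound(cookieHeader, userAgent) {
  const id = parseSessid(cookieHeader);
  const s = sessions.get(id);
  if (!s) return null;
  if (s.userAgent !== userAgent) {
    sessions.delete(id); // force a fresh login
    return null;
  }
  return s.user;
}
```

Nothing here stops a user from typing into their own navigation bar; the checks live on the server because that is the only side the site controls.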