+ 1

How can one allow XSS in local HTML files?

I have two files on my computer, in the same folder. Let's say that they are "PageOne.html" and "PageTwo.html". Now, PageOne has an IFrame which contains PageTwo. I want PageTwo to be able to access something from PageOne using Javascript, but XSS security in Firefox prevents me from doing that. I want my local project to stay local, but I also want to find a way to securely have both HTML documents access each others' elements. Is there a script I can use on my computer that will securely verify these in my web browser and permit XSS access? Or, since this is only on my computer and I don't plan on releasing it to the web, should I just try to bypass the restriction from within Firefox - and if this is the case, how do I do that with local files only? I do not want to make myself vulnerable, nor am I trying to hack some other site. I just want my local project to work.

html javascript elements tags security xss firefox

18th Aug 2020, 6:12 AM

Harvey Houston

5 Respostas

+ 1

See this:https://flylib.com/books/en/2.500.1.72/1/

18th Aug 2020, 6:16 AM

Matias

+ 1

Ok try this:https://stackoverflow.com/questions/4287174/enabling-xss-from-files-hosted-on-local-filesystem

18th Aug 2020, 6:36 AM

Matias

+ 1

Google search:https://www.google.com/search?client=ms-android-transsion-tecno-rev1&biw=1261&bih=2326&sxsrf=ALeKk03XZHNFvZRnOSqFAhJnPjQ5X31rnw%3A1597731323547&ei=-3E7X8qEIaaIlwSyrabQCQ&q=How+can+one+allow+XSS+in+local+HTML+files%3F&oq=How+can+one+allow+XSS+in+local+HTML+files%3F&gs_lcp=CgZwc3ktYWIQA1D9Alj9AmDjC2gAcAB4AIABAIgBAJIBAJgBAKABAaoBB2d3cy13aXrAAQE&sclient=psy-ab&ved=0ahUKEwiK7vH_jKTrAhUmxIUKHbKWCZoQ4dUDCAw&uact=5

18th Aug 2020, 6:39 AM

Matias

Since I want this to stay local, I'm not sure about verifying with CORS, or other online scripts. Adding the appropriate meta tags in the HTML head didn't work, anyhow. What I'd prefer is to verify it locally, but if this is not possible, then I need a secure way to verify it with a script available online. Any suggestions would be great!

18th Aug 2020, 6:16 AM

Harvey Houston

@Matiyas Sirak I'm not sure how your link helps me. It shows a list of exploits, but not only is it an old book (released in 2004, which means the exploits could have been patched by now), it doesn't really help me achieve my goal. I don't want to have to exploit a bug, if possible. I want more legitimate means of achieving my goal.

18th Aug 2020, 6:25 AM

Harvey Houston