- Added testcases for bypassing frontend validation.
- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
@ -1,4 +1,5 @@
|
||||
== Validation
|
||||
|
||||
Often, there is some mechanism in place to prevent users from sending altered
|
||||
field values to server, such as validation before sending. Most of popular browsers
|
||||
such as Chrome don't allow editing scripts during runtime. We will have to circumvent
|
||||
|
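Review bot: In the Validation paragraph, "Most of popular browsers such as Chrome don't allow editing scripts during runtime" is stated as an absolute, and the next sentence ("We will have to circumvent") builds on it. Please qualify it so the lesson does not rest on a browser limitation; the Concept page already makes the sturdier point that the front end is under the user's control. Wording nits in the same sentences: "Most of popular browsers" should read "Most popular browsers", and "to server" should read "to the server".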
@ -1,10 +1,11 @@
|
||||
|
||||
== Concept
|
||||
|
||||
Users have a great degree of control over the front-end of the web application.
|
||||
They can alter HTML code, sometimes also scripts. This is why
|
||||
apps that require certain format of input should also validate on server-side.
|
||||
|
||||
== Goals
|
||||
|
||||
* The user should have a basic knowledge of HTML
|
||||
* The user should be able to tamper a request before sending (with proxy or other tool)
|
||||
* The user will be able to tamper with field restrictions and bypass client-side validation
|
||||
|
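Review bot: The Goals list mixes prerequisites with outcomes: "should have a basic knowledge of HTML" and "should be able to tamper a request before sending" describe what the learner needs beforehand, while "will be able to tamper with field restrictions" is what the lesson teaches. Consider splitting them into two lists, and adding an outcome that matches the Concept paragraph's conclusion that input format must also be validated on the server side, since no goal currently states that takeaway. Wording nits: "tamper a request" should read "tamper with a request", and "require certain format of input" should read "require a certain format of input".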