Search the Community
Showing results for tags 'html5'.
-
A set of 170+ Bootstrap based design blocks ready to be used to create clean modern websites. https://www.froala.com/design-blocks Froala Design Blocks Over 170 responsive design blocks ready to be used in your web or mobile apps. All blocks are based on the Bootstrap Library, and they are the building blocks for beautiful websites. Discuss it on Product Hunt Explore Design Blocks » WYSIWYG HTML Editor · Pages · Blog · Download Table of contents Quick start What's included? Bugs and feature requests Dependencies Categories Browser support Community Development Contributors Copyright and license Quick start Several quick start options are available: Download the latest release. Clone the repo: git clone https://github.com/froala/design-blocks.git Install with npm: npm install froala-design-blocks What's included Within the download archive you'll find the following directories and files, logically grouping common assets and providing both compiled and minified variations. You'll see something like this: design-blocks/ ├── dist/ │ ├── css/ │ │ ├── froala_blocks.css │ │ └── froala_blocks.min.css │ └── imgs/ │ │── call_to_action.html │ │── contacts.html │ │── contents.html │ │── features.html │ │── footers.html │ │── forms.html │ │── headers.html │ │── index.html │ │── pricings.html │ │── teams.html │ └── testimonials.html ├── psds/ ├── screenshots/ └── src/ We provide compiled CSS (froala_blocks.css), as well as compiled and minified CSS (froala_blocks.min.css). Also, in the downloaded archive you will find useful images and PSD files that you can use to create new backgrounds. In the screenshots folder, there are the screenshots of all design blocks. Bugs and feature requests Have a bug or a feature request? Please first read the issue guidelines and search for existing and closed issues. If your problem or idea is not addressed yet, please open a new issue. Dependencies Bootstrap. Froala Design Blocks is built on Bootstrap 4 library and fully supports it. It uses the Javascript files only for the header design blocks, so if you don't need them, we recommend not to include the Bootstrap JS files in order to reduce your bundle size. Font Awesome. We're using the amazing Font Awesome library for the social network icons. Google Fonts. By default, the Design Blocks toolkit is built using the Roboto font, however that can easily be changed to other fonts. Categories Call to action - https://github.com/froala/design-blocks/blob/master/dist/call_to_action.html Contacts - https://github.com/froala/design-blocks/blob/master/dist/contacts.html Contents - https://github.com/froala/design-blocks/blob/master/dist/contents.html Features - https://github.com/froala/design-blocks/blob/master/dist/features.html Footers - https://github.com/froala/design-blocks/blob/master/dist/footers.html Forms - https://github.com/froala/design-blocks/blob/master/dist/forms.html Headers - https://github.com/froala/design-blocks/blob/master/dist/headers.html Pricings - https://github.com/froala/design-blocks/blob/master/dist/pricings.html Teams - https://github.com/froala/design-blocks/blob/master/dist/teams.html Testimonials - https://github.com/froala/design-blocks/blob/master/dist/testimonials.html Browser Support At the moment, we aim to support all major web browsers. Any issue in the browsers listed below should be reported as a bug: Internet Explorer 10+ Microsoft Edge 14+ Safari 6+ Firefox (Current - 1) and Current versions Chrome (Current - 1) and Current versions Opera (Current - 1) and Current versions Safari iOS 7.0+ Android 6.0+ (Current - 1) and Current means that we support the current stable version of the browser and the version that precedes it. Community Get updates on Froala Design Blocks' development and chat with the project maintainers and community members: Follow @froala on Twitter Read and subscribe to The Official Froala Blog Check the Official Website Join us on Facebook Google+ Pinterest Development Get code git clone git@github.com:froala/design-blocks.git cd design-blocks Install dependencies and run project npm install npm run gulp Contribuitors Special thanks to everyone who contributed to getting the Froala Design Blocks to the current state. Shourav Chowdhury - source of inspiration for the images Copyright and license Code and documentation copyright 2017 Froala Labs. Code released under the Froala Open Web Design License. Sources: https://www.froala.com/design-blocks https://github.com/froala/design-blocks
-
- html5
- bootstrap4
-
(and 3 more)
Tagged with:
-
Salutare, Dupa cum spune si titlul caut 4 programatori capabili si muncitori. Pozitiile necesare sunt 2 de front-end si 2 de back-end. Jobul permite munca in regim remote programul fiind de 8 ore pe zi. Probabil este de la sine inteles ca nu vreau sa ne pierdem timpul unii cu altii si ca ceea ce incercam sa facem se numeste business. Primeaza in fata oricarui lucru onestitatea, determinarea,integritatea si mai ales seriozitatea. Cele 8 ore de munca trebuiesc cumva alese in cursul zilei in asa fel incat un minim de 3-4 ore sa te poti intersecta cu ceilalti membrii ai echipei. Daca consideri ca vei putea fi disponibil/a pe perioada veri pentru o perioada de minim 3 luni poti aplica linistit/a. Salariul este in functie de cunostintele tale si disponibilitatea ta asa ca nu iti fie frica sa ceri cat consideri ca meriti. Oferta ta poate fi de genul ron/ora ori ron/luna. Cateva lucruri care te-ar putea ajuta: - referinte de la fosti clienti/angajatori. - cateva exemple recente de munca care ai facut-o. - contributia ta in diferite proiecte. Va stau la dispozitie pentru orice informatie sau pentru a aplica: radustefan820@gmail.com Aceasta propunere nu vine din partea unei firme ce crede ca un web developer, programator trebuie sa se ocupe de 3 posturi intr-o firma. Va multumesc frumos pentru interesul acordat si ca ati pierdut cateva minute sa cititi post-ul meu. O zi cat mai buna, Radu
-
- 5
-
- loc de munca
- back-end
-
(and 8 more)
Tagged with:
-
Develop in Go, Python, Node, Ruby, PHP, etc or play with Docker,Wordpress, Django, Laravel or create Android, IOS/iPhone, HTML5 apps.All for Free 1 VM 1 Core 1GB RAM 3GB Total Disk
-
In this article, we will discuss HTML5 Web Messaging (or Cross Domain Messaging) attack vectors and security implementations. Why is it important to understand HTML5 attacks? HTML5 is one of the emerging technologies for next generation Web applications. It has brought a lot of new features to the Web. HTML5 applications are also widely used in the mobile app world. Along with the features, HTML5 has brought various new attack vectors as well. The main focus of this article is to show the possible attack vectors with the Cross Domain Messaging feature. Before going ahead with the security concepts of Cross Domain Messaging, let us understand the basics of how Cross Domain Messaging is implemented in HTML5. Cross Domain Messaging Due to the same origin policy restrictions before HTML5, sending messages between windows was only possible if both windows used the same protocol, port, and host. With the introduction of HTML5, all those restrictions are gone and we can now pass messages across domains without having to worry about Same Origin Policy restrictions. HTML5 has a new method called postMessage(). Using this, we can pass messages between windows regardless of their origin. Below is the syntax of postMessage(). Sending Window: otherWindow.postMessage(message, targetOrigin, [transfer]); otherWindow: This is a reference to another window. Message: The message to be passed to the receiving window. targetOrigin: The URL of the receiving window must be specified here. If we do not have any specific preference, we can specify it as “*”. Specifying “*” as ‘targetOrigin’ has some security implications we will discuss in later sections of this article. Transfer: This is optional. Receiving Window: When otherWindow.postMessage() is executed, a messageEvent will be dispatched at the receiver window. We can receive the message dispatched by the sender using the following code snippet. window.addEventListener("message",receiveMessage, false); function receiveMessage(event){ if (event.origin !== "http://site.com:8383") return; // ... } From the above code snippet, we can access the data and origin of this message as shown below. event.origin – Gives the origin of the message (The URI from which we are receiving this message). event.data – Gives the actual message being sent. Now, we have got some basic knowledge of what cross domain messaging in HTML5 is and how it is implemented in the applications. Let us now see the security implications of cross domain messaging. For demonstration purposes, I have set up the following lab. A: http://localhost:8383/ B: Romanian Security Team - Homepage As we can see, we have two different ports on the above two URLs. The first URL is running on port 8383 and the second URL is on the default port 80. So, it is obvious that they have two different origins, since the port numbers are different. In our lab setup, A is the message sender and B is the receiving window. We are going to load the second URL Romanian Security Team - Homepage as an iframe in the first URL. I can send messages from the domain http://localhost:8383/ to the domain Romanian Security Team - Homepage using the postMessage method. We can check it by clicking the “Send Message” button as shown below. The iframe which is loaded into the first URL is from a different origin, but we are able to send a message to it using HTML5’s postMessage() method. Now, let us look at some scenarios where this postMessage() implementation can introduce vulnerabilities into our applications. Case 1 Code at sender: receiver.postMessage('Hi There..!', '*');< When the sender has the above code where he specifies the target origin with a wildcard “*”, an unintended recipient (window) can receive this message from the sender. Since the receiving window is listening for incoming messages, anyone can load it into an iframe and can listen for the messages coming to it. So, it is a bad idea to give a wildcard when passing sensitive data to the receiving windows. How to fix this: It is possible to fix this just by adding the specific target in the target field. So, in this case http://localhost is the only origin that can receive this message. This is as shown below. receiver.postMessage('Hi There..!', 'http://localhost'); Case 2 Code at receiving window: function receiveMessage(e) { do something..! } In the above code, we are receiving the message from the sender and directly processing it without checking who sent this message. It is always important to check the origin of the message to prevent receiving messages from unauthorized senders. How to fix this: function receiveMessage(e) { if (e.origin !== "http://localhost:8383") return; do something..! } Always validate the origin from which you want to receive the messages. In our case, we want to receive messages only from http://localhost:8383. So, we are making a simple check to see if the message is coming from http://localhost:8383 using the property event.origin. If this is not matching, we won’t receive the message. Case 3 The next attack vector is the infamous Cross Site Scripting. Both the sender as well as receiver should always validate the messages being passed. If the data is inserted into HTML DOM without proper validation, then the application becomes vulnerable to DOM based Cross Site Scripting. The following code snippet shows how an application may become vulnerable when a malicious message is received from the attacker and it is inserted into the receiver’s HTML DOM using innerHTML property. Sender: receiver.postMessage("<img src='x' onerror=alert(1);>", 'http://localhost'); Receiver: function receiveMessage(e) { if (e.origin !== "http://localhost:8383") return; messageEle.innerHTML = "Message from localhost:8383: " + e.data; } When the above code is executed, it causes an XSS in the receiving window as shown in the figure below. How to fix this: The easiest way to fix this issue is to assign the data value to an element using textContent rather than using innerHTML. This is done as shown below. Sender: receiver.postMessage("<img src='x' onerror=alert(1);>", 'http://localhost'); Receiver: function receiveMessage(e) { if (e.origin !== "http://localhost:8383") return; element.textContent = "Message from localhost:8383: " + e.data; } When the above code is executed, we should see the text displayed in the receiving frame as “data” rather than code. As we can see in the above figure, the code is now not executed. Rather, it is displayed as normal text. Conclusion We have discussed the basics of Cross Domain Messaging and some of the possible attacks against this feature in HTML5. We will discuss other possible attacks against HTML5 web applications in later articles. Source
-
Table of Contents Abstract.........................................................................................................................................................1 1. Introduction..........................................................................................................................................2 1.1 Form Validation in HTML 4 ...........................................................................................................2 1.2 Form Validation in HTML5 ............................................................................................................3 2. HTML5 Security Concerns.....................................................................................................................4 2.1 Web Storage Attacks.....................................................................................................................4 3.1 Session Storage .............................................................................................................................5 3.2 Local Storage.................................................................................................................................5 3.3 localStorage API ............................................................................................................................6 3.3.1 Adding an Item..................................................................................................................6 3.3.2 Retrieving Items................................................................................................................6 3.3.3 Removing an Item .............................................................................................................6 3.3.4 Removing All Items............................................................................................................6 3.4 Session Storage API.......................................................................................................................7 3.4.1 Adding An Item..................................................................................................................7 3.4.2 Retrieving An Item.............................................................................................................7 3.4.3 Removing An Item.............................................................................................................7 3.4.4 Removing All Items............................................................................................................7 3.5 Security Concerns with Web Storage in HTML5 ...........................................................................7 3.6 Stealing Local Storage Data via XSS ..............................................................................................8 3.7 Stored DOM Based XSS Attacks....................................................................................................9 3.8 Example of a DOM Based XSS .....................................................................................................10 4. WebSockets Attacks ...........................................................................................................................11 4.1 Security Concerns of WebSockets Attacks..................................................................................11 4.1.1 Denial of Service Issues...................................................................................................11 4.1.2 Denial of Service on the Client Side ................................................................................11 4.1.3 Denial of Service on the Server Side ...............................................................................12 4.1.4 Data Confidentiality Issues..............................................................................................12 4.1.5 Cross-Site Scripting Issues in WebSocket........................................................................13 4.1.6 WebSocket Cross-Site Scripting Proof of Concept..........................................................13 4.1.7 Proof of Concept of WebSocket XSS ...............................................................................14 4.1.8 Origin Header..................................................................................................................15 5. XSS with HTML5 Vectors.....................................................................................................................16 5.1 Case 1 – Tags Blocked .................................................................................................................16 5.2 Case 2 - Attribute Context...........................................................................................................16 5.2.1 Example...........................................................................................................................16 5.3 Case 3 – Formaction attribute ....................................................................................................18 6. Cross Origin Resource Sharing (CORS)................................................................................................19 6.1 What is an Origin?.......................................................................................................................19 6.2 Crossdomain.xml.........................................................................................................................19 6.3 What is CORS?.............................................................................................................................20 6.3.1 Example...........................................................................................................................20 6.3.2 Security Issue...................................................................................................................20 6.3.3 Example...........................................................................................................................20 6.3.4 Example...........................................................................................................................20 6.3.5 Proof of Concept .............................................................................................................22 7. GeoLocation API..................................................................................................................................23 7.1 Introduction ................................................................................................................................23 7.2 Security Concerns........................................................................................................................23 7.2.1 Example...........................................................................................................................23 7.2.2 Proof of Concept .............................................................................................................24 7.2.3 Chrome............................................................................................................................24 7.2.4 Firefox..............................................................................................................................24 8. Client Side RFI Includes.......................................................................................................................26 8.1 Vulnerability Example .................................................................................................................26 8.2 Example.......................................................................................................................................27 8.3 Request .......................................................................................................................................28 8.4 Safer Example .............................................................................................................................28 8.5 Open Redirects............................................................................................................................29 8.5.1 Example...........................................................................................................................29 9. Cross Window Messaging...................................................................................................................30 9.1 Sender’s Window........................................................................................................................30Copyright© 2014 RHA InfoSEC. All rights reserved. Page iv 9.2 Receiver’s Window......................................................................................................................30 9.3 Security Concerns........................................................................................................................31 9.3.1 Origin not being checked ................................................................................................31 9.3.2 Impact .............................................................................................................................31 9.3.3 DOM Based XSS...............................................................................................................31 9.3.4 Vulnerable Code..............................................................................................................32 10. Sandboxed Iframes.............................................................................................................................33 10.1 Security Concerns........................................................................................................................33 11. Offline Applications ............................................................................................................................34 11.1 Example.......................................................................................................................................34 11.2 Security Concerns........................................................................................................................35 12. WebSQL ..............................................................................................................................................37 12.1 Security Concerns........................................................................................................................37 12.2 SQL Injection ...............................................................................................................................37 12.3 Insecure Statement.....................................................................................................................37 12.4 Secure Statement........................................................................................................................38 12.5 Cross Site Scripting......................................................................................................................39 12.5.1 Example...........................................................................................................................40 13. Scalable Vector Graphics....................................................................................................................41 14. Webworkers........................................................................................................................................44 14.1 Creating a Webworker................................................................................................................44 14.1.1 Sending/Receiving a Message to/from Webworker.......................................................44 14.2 Cross Site Scripting Vulnerability ................................................................................................46 14.2.1 Example...........................................................................................................................46 14.3 Distributed Denial of Service Attacks..........................................................................................47 14.4 Distributed Password Cracking ...................................................................................................50 15. Stealing Personal Data Stored With Autocomplete Function ............................................................52 15.1 Example: Autocomplete Attribute in Action...............................................................................52 16. Scanning Private IP Addresses............................................................................................................54 16.1 WebRTC.......................................................................................................................................54 17. Security Headers to Enhance Security with HTML5 ...........................................................................56 17.1 X- XSS-Protection ........................................................................................................................56 17.2 X-Frame-Options.........................................................................................................................56 17.3 Strict-Transport-Security.............................................................................................................57 17.3.1 Example...........................................................................................................................58 17.4 X-Content-Type-Options.............................................................................................................58 17.4.1 Example...........................................................................................................................58 17.4.2 Example...........................................................................................................................59 17.5 Content-Security-Policy ..............................................................................................................59 17.5.1 Sample CSP......................................................................................................................60 Acknowledgements.....................................................................................................................................61 References ..................................................................................................................................................62 Read more: http://dl.packetstormsecurity.net/papers/attack/HTML5AttackVectors_RafayBaloch_UPDATED.pdf
-
ofer servicii de web design / development , graphic design gratis. Daca este cineva interesat contactati-ma pe site-ul meu personal FeatherByte | Web Designer/Developer sviluppo siti web , logo e Gragica Web Roma sau PM Doresc sa imi creez un portofolio. !important - pot sa lucrez doar sambata , duminica si seara dupa ce revin de la lucru
-
Rile.js is a small HTML5 EPUB file reader. This project is still an early alpha, so most of the EPUB files will probably not display correctly or work at all. This project begun partially as a research project and partially as a tool for my fiancée’s writing blog. The name “Rile.js” comes directly from her first short story TODO Write tests Better page slicing - the slicing methods are not yet ready, they still need some love. Asynchronous pages slicing - because nobody likes when the UI freezes on large documents. Remembering the current page between page reloads. Download: https://github.com/sebastianrosik/rile.js.git Sources: https://github.com/sebastianrosik/rile.js XA//VX - Just some stuff about front-end development
-
Malicious URL Shortener + HTML5 DDoS PoC This project demonstrates the serious consequences of the Internet's increased reliance upon URL shortners, as well as how easy it is to create an unwitting DDoS botnet using new HTML5 features without actually exploiting a single computer. It is intended only for demonstration and testing purposes; if you target a site that is not yours, you are responsible for the consequences. Download: http://d0z-me.googlecode.com/files/d0z-me-0.2.tar.gz
-
Este un plugin pentru powerpoint, folositor pentru a crea con?inut e-learning în format SCORM, web, flash, in special pentru platforme e-learning gen moodle, pagini web simple în HTML5, grafice, toate acestea cu optiunea de a fi optimizate pentru dispozitive mobile. Men?ine efectele, anima?iile, cam tot formatul prezent?rii, se poate exporta în diferite formate, only content pentru grafice sau orientare web, avem si optiunea cu player pentru con?inut e-learning. Ofera licente free pentru Beta Testeri. _________________________________________________ Create interactive eLearning courses with narrations in Flash and HTML5 and view them on computers, Android devices and iPads. See what’s new ? Publish to Flash and HTML5 Create interactive courses and presentations for all computers, Android tablets and iPads with a single mouse-click. iSpring Pro 7 allows you to convert your PowerPoint content into Flash, HTML5 or Flash+HTML5 in a combined mode. Now you can develop eLearning package that will be supported on all devices Sursa: IspringSolutions
- 1 reply
-
- content
- e-learning
-
(and 3 more)
Tagged with: