Tags: javascript, xss, cross-site

Detect dynamic JavaScript for XSSI


I am trying to understand cross-site script inclusion. I have read the paper by Sebastian Lekies (click here for paper and slide and video link) and got some idea about it. Here, detecting dynamic JavaScript is a part of the methodology, and I have some confusion about it.

What exactly is meant by dynamic JavaScript detection? Here it is said that the same script file would be requested twice, once with authentication and once without. But my confusion is: if I request, say, a script.js file twice, how can it differ? The server will always send the file with the same lines of code, isn't it?

After getting the script file, the browser will execute the file, and when it is finished, then it may differ from one to another.

Suppose:

    $http.get("home/GetInfo", function(response){
      $scope.userName = response;
    });

Here the value of $scope.userName may differ, but the script file will remain the same.

What's wrong in my understanding?


Solution

  • Dynamic JavaScript would be where the script file is processed by the server to insert values based on cookies etc., before it's sent to the client. This is sometimes used to pass some initial data to the client.

    So the script file contents might be like:

    sessionId = "<%= getSessionId() %>";
    
    $http.get("home/GetInfo?sessionId="+sessionId, function(response){
      $scope.userName = response;
    });
    

    and when requesting it, you get something like:

    sessionId = "d8e8fca2dc0f896fd7cb4cb0031ba249";
    
    $http.get("home/GetInfo?sessionId="+sessionId, function(response){
      $scope.userName = response;
    });
    

    The sessionId literal would be different each time the script is requested, which, when detected, shows that dynamic JavaScript was used.
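To make the detection step concrete, here is an added example (not code from the question, the answer, or Lekies' paper) that compares two copies of the same script, one fetched with the session cookie and one without, and reports which literals changed. The two responses are constructed inline and the function names are my own.

```python
import re

# Constructed sample responses for one script URL, fetched twice: once with
# the user's session cookie attached and once without. They stand in for what
# an audit crawler would receive; nothing here touches the network.
RESPONSE_AUTHENTICATED = '''sessionId = "d8e8fca2dc0f896fd7cb4cb0031ba249";

$http.get("home/GetInfo?sessionId="+sessionId, function(response){
  $scope.userName = response;
});
'''

RESPONSE_ANONYMOUS = '''sessionId = "";

$http.get("home/GetInfo?sessionId="+sessionId, function(response){
  $scope.userName = response;
});
'''

# Crude JavaScript tokenizer: string literals (with escapes), numbers,
# identifiers (including $), and any other single non-space character.
TOKEN_RE = re.compile(
    r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\d+(?:\.\d+)?|[A-Za-z_$][\w$]*|\S'''
)

def tokenize(src):
    return TOKEN_RE.findall(src)

def is_literal(tok):
    return tok[0] in '"\'' or tok[0].isdigit()

def classify_script(authed, anon):
    """Compare two fetches of the same script and return (kind, diffs).

    kind is 'static' (byte-identical, nothing user-specific embedded),
    'dynamic-literals' (same code shape, only literal values differ) or
    'dynamic-structure' (the token stream itself differs). diffs lists
    (authenticated_value, anonymous_value) pairs for literals that changed;
    the authenticated side is the data a cross-origin <script> include would
    expose, so those are the values to review for XSSI exposure.
    """
    if authed == anon:
        return 'static', []
    a, b = tokenize(authed), tokenize(anon)
    if len(a) != len(b):
        return 'dynamic-structure', []
    diffs = []
    for x, y in zip(a, b):
        if x == y:
            continue
        if not (is_literal(x) and is_literal(y)):
            return 'dynamic-structure', []
        diffs.append((x, y))
    return 'dynamic-literals', diffs
```

Run it on the two constructed responses and it reports the sessionId literal as the only difference, which is exactly the signal the paper's crawler looks for.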