Hi security minded friends,
Polonus was away for the week to central Poland, temp now minus 8 Celsius.
While not much online here last week on these here forums,
polonus is as always continuously on the look-out for script-security improvement of any sort.
I and a younger IT friend of mine stumbled onto this super script from the renowed resource engineer
& open source security researcher, zx2c4, from Paris, France.
His is the innovative secure.js script. To enjpoy this script, go to this link,
and see this javascript to prevent HTTPS leaks:
https://git.zx2c4.com/secure.js/tree/secure.jsAs we find in his to do list inside the code there is still some work to be done on detecting async scripts,
and through going over StackOverflow's solutions, and thnx to Cookie_Monster there, we stumbled upon:
document.querySelectorAll ( 'script') ;
< script async src= "jquery.js"onload = "jqueryloaded ( )"
var script = document. create Element ("script") ; script.src = jquery.js' ;
script.onload = jqueryloaded ;
document.body.appendChild(script) ;
head.load ("jQuery.js)" ,
function ( ) {
console.log
}) ;
Could there be a possibility secure.js could be adopted & enhanced in such a way?
Still waiting from a response from Jason Donenfeld (aka zx2c4) accordingly,
polonus (volunteer website security analyst and website error-hunter)