A short story about how encryption can go very wrong with a (Ruby) workflow we’re all guilty of using.
This time the focus is on images and dangling markup: an attacker injects an <img> tag without closing it to extract the HTML of the rest of the page.
Chrome and Firefox 51 now show "Not Secure" warnings on insecure pages with password and credit card input fields.