headless-browser
Insecure usage of the most popular headless browser APIs
Rules (15)
The remote debugging protocol does not perform any authentication, so exposing it too widely can be a security risk.
The remote debugging protocol does not perform any authentication, so exposing it too widely can be a security risk.
If unverified user data can reach the `phantom` page methods, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `addInitScript` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `evaluate` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `evaluate` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `goto` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `setContent` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `evaluate` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `evaluate` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `goto` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `setContent` method, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach `wkhtmltoimage`, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach `wkhtmltopdf`, it can result in Server-Side Request Forgery vulnerabilities.
If unverified user data can reach the `compileScript` method, it can result in Server-Side Request Forgery vulnerabilities.