dianesun

…FIPS compliance.

Fortify scan finds HTML5: Overly Permissive Message Posting Policy in jszip.js line 11477 and 11504

1

Fortify Priority: Low Folder Low Kingdom: Encapsulation Abstract: On line 11477 of jszip.js the program posts a cross-document message with an overly permissive target origin.. Sink: jszip.js:11477 FunctionPointerCall: postMessage() 11475...

Abstract: The random number generator implemented by random() cannot withstand a cryptographic attack. Sink: jszip.js:11488 FunctionPointerCall: random() 11486 // * http://www.whatwg.org/specs/web-apps/currentwork/multipage/comms.html#crossDocumentMessages 11487 11488 var messagePrefix = "setImmediate$" + Math.random() +...