Alternatively called JSON hijacking, JavaScript hijacking is an attack in which potentially sensitive information is obtained from a user. It is carried out by exploiting JSON (JavaScript Object Notation) data served by another website. Attackers intercept the information by running a script from their own website and capturing the JSON data before it’s sent back to the original website.

The vulnerability presents itself when a web browser has a faulty same-origin policy. This fault may allow a JavaScript program to be loaded from a different website. JSON data retrieved by the script is hijacked before being sent back to the original website, giving an attacker any information sent through JSON via the script.
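The following is an added example, not part of the original entry: server-side checks that keep a JSON response from being usable when another website loads it as a script. The function names, the choice of prefix and the `X-Requested-With` fallback (which assumes the site's own client sets that header) are assumptions made for illustration.

```javascript
// Added example: hardening a JSON endpoint against being loaded via <script src>.
// All names here are hypothetical; nothing below comes from the original entry.

// A prefix that is not valid JavaScript. If another site includes the response
// as a script, the browser stops at a SyntaxError and never evaluates the data.
const PREFIX = ")]}',\n";

// Decide from the request headers whether the response should be refused.
// Header names are lowercase, as Node.js delivers them.
function isScriptInclude(headers) {
  const dest = headers["sec-fetch-dest"];
  const site = headers["sec-fetch-site"];
  if (dest === "script") return true;     // JSON is never a legitimate script source
  if (site === "cross-site") return true; // other sites have no reason to read this endpoint
  // Older browsers send no Sec-Fetch-* headers. Fall back to a custom header
  // (assumption: our own client sets it), which a plain <script> tag cannot add.
  if (dest === undefined && site === undefined) {
    return headers["x-requested-with"] !== "XMLHttpRequest";
  }
  return false;
}

// Wrap top-level arrays in an object and prepend the prefix before sending.
function serializeJson(data) {
  const body = Array.isArray(data) ? { data } : data;
  return PREFIX + JSON.stringify(body);
}

// Client side: strip the prefix before parsing; reject bodies that lack it.
function parseJson(text) {
  if (!text.startsWith(PREFIX)) throw new Error("missing anti-hijacking prefix");
  return JSON.parse(text.slice(PREFIX.length));
}

// Checks whether a response body would parse as a script (it is never executed).
function parsesAsScript(text) {
  try {
    new Function(text);
    return true;
  } catch (e) {
    return false;
  }
}
```

A bare array such as `[1,2]` passes `parsesAsScript`, which is why the unprotected form is the risky one; the serialized form does not.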
