- Help Center
- Account and profile
- Profile: dynamic content
-
ProZ.com general information
-
Account and profile
- Login/Registration
- Profile: general
- Profile: native language
- Profile: referrals
- Profile: fields of expertise
- Profile: languages
- Profile: dynamic content
- Profile: portfolio/sample translations
- Profile: project history
- Profile: services
- Profile: rates
- Profile: social networking
- Profile: identity verification
- Profile: CV/resume
- Profile: credentials
- Profile: contact information
- Profile: bio
- Profile: availability calendar
- Profile: tabs
- Profile: translator feedback (WWA)
- Profile: directory ranking
- Browniz points
- ProZ.com wallet
- Membership: general
- Professional membership
- Business membership
- Business page
- Professional Premium Membership: website
-
Billing and payment
-
Email and notifications
-
Jobs and directories
-
Education
-
Community
- Forums
- Podcasts
- Translation events
- Powwows
- WIWO (What I'm Working On)
- Certified PRO Network
- Translation teams
- Translation contests
- Exchange
- Translator Playground
- ProZ.com community choice awards
- Mentoring program
- ProZ.com moderators
- ProZ.com website localization
- Localization project
- Quick polls
- Justin Chlebus Memorial Scholarship Fund
- ProZ.com local
-
Terminology
-
Tools
-
ProZ*Pay
-
Remote interpreter pool
-
Native speaking conversation
What are the risks of accepting dynamic content (i.e. running javascript) from a profile owner?
Although such content is common on the internet and is likely harmless, there is a possibility that security risks may be involved. For example, a cross-site scripting attack might allow the profile owner to gain unauthorized access to the viewer's ProZ.com account. (See this cross-site scripting article on Wikipedia for details.)
Because of this potential security risk, user-supplied dynamic content is only enabled in profile pages when the viewer has given permission.