Burp Suite User Forum


Cross-site scripting (DOM-based) - data is read from window.location.href and passed to $()

Yogesh | Last updated: Jul 04, 2022 01:59PM UTC

I'm getting the following error: "The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.href and passed to $()." My code looks like this:

    let url = window.location.href;
    let urlHash = url.split('#');
    let faqId = urlHash[1];
    let div = $('#' + faqId);

I did some R&D but didn't find any case in which the malicious code could be used. Is it a false positive?

Yogesh | Last updated: Jul 04, 2022 03:23PM UTC

And yes, I'm using jQuery version 1.12.4. Here is the full code snippet for reference:

    let url = window.location.href;
    let urlHash = url.split('#');
    let faqId = urlHash[1];
    let div = $('#' + faqId);
    if (div.length >= 1) {
        div.find(".question").addClass('active');
        div.find(".answer").css('display', 'block');
    }

Yogesh | Last updated: Jul 05, 2022 08:41AM UTC

I'm eagerly looking for the answer...

Michelle, PortSwigger Agent | Last updated: Jul 05, 2022 10:42AM UTC

Thanks for your message. Confirming whether or not this is a false positive and whether this is mitigated via any of your security controls is not really a decision we can take for you. Having said that, we do have some resources that may help with your investigations:

- https://portswigger.net/web-security/cross-site-scripting/dom-based
- https://portswigger.net/blog/introducing-dom-invader
- https://portswigger.net/burp/documentation/desktop/tools/dom-invader

I hope this helps.
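An added example, not part of the thread and not PortSwigger's code: one way to remove the flow Burp reports in the snippet above is to validate the URL fragment against an id pattern and resolve it with getElementById, so it is never concatenated into $(). The function names, the id pattern and the stub document are assumptions made for illustration.

```javascript
// Added example: the names and the id pattern below are assumptions.
const FAQ_ID_PATTERN = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Return the URL fragment only if it is a plain element id, else null.
function extractFaqId(href) {
  const hashIndex = href.indexOf('#');
  if (hashIndex === -1) return null;
  const fragment = href.slice(hashIndex + 1);
  // No decoding: percent-encoded or punctuated fragments fail the pattern.
  return FAQ_ID_PATTERN.test(fragment) ? fragment : null;
}

// Resolve the FAQ container by id, so the fragment is never parsed as a
// selector or as markup.
function findFaqElement(doc, href) {
  const faqId = extractFaqId(href);
  return faqId === null ? null : doc.getElementById(faqId);
}

// Same UI effect as the original snippet, using DOM APIs on the resolved node.
function expandFaq(doc, href) {
  const faq = findFaqElement(doc, href);
  if (faq === null) return false;
  const question = faq.querySelector('.question');
  const answer = faq.querySelector('.answer');
  if (question) question.classList.add('active');
  if (answer) answer.style.display = 'block';
  return true;
}

// Constructed stub document so the block also runs under Node.
// In a page, call expandFaq(document, window.location.href) instead.
function makeStubDocument() {
  const question = { classList: { names: [], add(n) { this.names.push(n); } } };
  const answer = { style: {} };
  const faq = {
    question, answer,
    querySelector: (sel) =>
      (sel === '.question' ? question : sel === '.answer' ? answer : null),
  };
  return { faq, getElementById: (id) => (id === 'faq-3' ? faq : null) };
}

const demoDoc = makeStubDocument();
console.log(expandFaq(demoDoc, 'https://example.test/help#faq-3'));
console.log(expandFaq(demoDoc, 'https://example.test/help#faq-3<b>'));
```

Re-scanning the page after a change like this shows whether the window.location.href to $() flow is still reported.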

fostercarly | Last updated: Nov 07, 2022 07:20AM UTC

    window.location.replace('http://example.com');

It’s better than using

    window.location.href = 'http://example.com';

Using replace() is better because it does not keep the originating page in the session history, meaning the user won’t get stuck in a never-ending back-button fiasco.

If you want to simulate someone clicking on a link, use window.location.href. If you want to simulate an HTTP redirect, use window.location.replace.

You can also use the assign() and replace() methods to do a JavaScript redirect to other pages, like the following:

    location.assign("http://example.com");

The difference between the replace() method and the assign() method is that replace() removes the URL of the current document from the document history, meaning it is not possible to use the “back” button to navigate back to the original document. So use the assign() method if you want to load a new document and want to give the option to navigate back to the original document.

http://net-informations.com/js/iq/load.htm
