Simon Edström
Reputation: 6619
What XSS attacks could be done with window.location
Which XSS attacks could be done when redirecting with window.location and user input data.
I think this ones
- User can write a post with a title that contains
http://so the end user ends up on a bad site. - User can write a post with title "
javascript:EvilCode()" I think this will be executed in some browsers?
Upvotes: 0
Views: 4231
Answers (1)
just.another.programmer
Reputation: 8785
You are potentially allowing XSS if you don't URL encode the data first.
Upvotes: 3
Related Questions
- javascript window.location do I need to escape?
- Is this code assigning to window.location vulnerable to XSS?
- Is window.location = window.location susceptible to XSS
- prevent using javascript in window.location
- window.location and SEO
- javascript: will window.location make any warnings?
- JavaScript window.location behaviour
- problem using window.location
- Is there any case where window.location will not work in a browser? (except js turned-off)
- IS it safe to use window.location to query the GET params of a page?