Is using document.write to display window.location.search unsafe / vulnerable to xss?

I have a page where I just want to transfer the request to another page. There is no server programming available, only HTML, for this particular client (I can only use JavaScript / jQuery). They have a process where they want to transfer a couple of parameters to the pricing page, for example:

http://www.mydomain.com/pricing.html?affiliate=123&store=345 

On the pricing page, all I want to do is collect the full request (?affiliate=123&store=345) and transfer it to the application page:

 http://www.mydomain.com/application.html?affiliate=123&store=345 

If I use the following JavaScript on the pricing page to pass them to the application page, am I introducing any cross-site scripting or other vulnerabilities?

 <script type="text/javascript">document.write('<a href="http://www.mydomain.com/application.html'+location.search+'">Apply Now</a>');</script> 
+4
2 answers

Yes, you are vulnerable to XSS.

 $("<a>").attr("href", 'http://www.mydomain.com/application.html'+location.search).text("Apply now").appendTo(document.body) 
+1

The short answer is, you are not introducing any vulnerabilities that do not already exist (since you are already passing this information through the query string to the pricing page).

The longer answer: it depends on what you do with the information on the application.html page. If you allow the variables passed in the query string to change state or access protected information on the server, or load them into, for example, an SQL query without validation, then yes, you are introducing vulnerabilities. But this would not change just by using another method to pass the parameters (i.e. POST); it is a characteristic of how you check and use the data after receiving it.

0
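
An added example, not part of the original thread or of either answer: instead of echoing location.search verbatim into markup, the pricing page can rebuild the link from an allow-list of the expected parameters and set it through DOM properties. It assumes affiliate and store are numeric IDs, as in the question's sample URL; the function names and sample inputs are constructed for illustration.

```javascript
// Added example: forward only the expected parameters to application.html.
// Assumption: affiliate and store are numeric IDs (as in the question's URL).
const APPLICATION_URL = 'http://www.mydomain.com/application.html';
const ALLOWED_PARAMS = ['affiliate', 'store'];
const NUMERIC_ID = /^[0-9]{1,10}$/;

// Parse the raw query string and keep only allow-listed, well-formed values.
function buildApplyHref(search) {
  const incoming = new URLSearchParams(search); // a leading "?" is ignored
  const outgoing = new URLSearchParams();
  for (const name of ALLOWED_PARAMS) {
    const value = incoming.get(name); // first occurrence; null if absent
    if (value !== null && NUMERIC_ID.test(value)) {
      outgoing.set(name, value);
    }
  }
  const query = outgoing.toString();
  return query ? `${APPLICATION_URL}?${query}` : APPLICATION_URL;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(text) {
  return text.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
             .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// String form, for when the markup has to be produced as text.
function renderApplyLink(search) {
  return `<a href="${escapeAttr(buildApplyHref(search))}">Apply Now</a>`;
}

// Browser form: DOM properties instead of document.write.
// Call as appendApplyLink(document, location.search).
function appendApplyLink(doc, search) {
  const a = doc.createElement('a');
  a.href = buildApplyHref(search);
  a.textContent = 'Apply Now';
  doc.body.appendChild(a);
  return a;
}

// Constructed sample inputs (not from the original page).
const samples = [
  '?affiliate=123&store=345',
  '?affiliate=123&store=345"><b>x</b>', // malformed store value is dropped
  '?store=345&utm=abc',                 // unexpected parameter is dropped
];
for (const s of samples) console.log(renderApplyLink(s));
```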

Source: https://habr.com/ru/post/1502084/

