How to deal with this code? Data is read from document.location and passed to $() via the following statements:
var url = document.location.toString();
$('.nav-tabs a[href="#' + url.split('#')[1] + '"]').tab('show');
The question in this case would be what could come after the # in the URL. Most browsers will URL-encode special chars, but there may still be ways to get around it, especially in legacy browsers.
Regardless of that, I think it's a good idea to validate data before you use it. If you can restrict the accepted values to let's say a-z (and possibly numbers and dashes), there shouldn't be a way to exploit it.
var tab = document.location.toString().split('#')[1];
if (tab && !/[^a-zA-Z0-9]/.test(tab)) $('.nav-tabs a[href="#' + tab + '"]').tab('show');
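An added example (not the asker's or the answerer's code) that keeps the fragment out of the selector unless it passes an allowlist check; the function names, the dash in the allowlist and the optional list of known tab names are assumptions:

```javascript
// Allowlist for the fragment: letters, digits and dashes only (assumed policy).
const TAB_NAME = /^[a-zA-Z0-9-]+$/;

// Returns the fragment after '#' if it is on the allowlist, otherwise null.
function tabFromUrl(urlString) {
  const hashIndex = urlString.indexOf('#');
  if (hashIndex === -1) return null;
  const tab = urlString.slice(hashIndex + 1);
  return TAB_NAME.test(tab) ? tab : null;   // anything outside the allowlist is rejected
}

// Builds the jQuery selector only from a validated value; knownTabs is an
// optional second gate listing the tabs that actually exist on the page.
function selectorFor(urlString, knownTabs) {
  const tab = tabFromUrl(urlString);
  if (tab === null) return null;
  if (knownTabs && !knownTabs.includes(tab)) return null;
  return '.nav-tabs a[href="#' + tab + '"]';
}

// In the page the original statement becomes (hypothetical usage):
//   var sel = selectorFor(document.location.toString(), ['home', 'profile']);
//   if (sel) $(sel).tab('show');
```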