2021-04-28 18:08:03 +02:00
DOM open redirect vulnerabilities occur when user-controlled data like the ``++document.location.hash++`` property is directly used to perform redirections.
User-controlled data should always be considered untrusted and validated before being used to modify the DOM.
2020-12-21 15:38:52 +01:00
== Noncompliant Code Example
2021-06-04 06:06:22 +02:00
Example of DOM open redirect vulnerability (``++http://vulnerable/page.html#https://www.attacker.com/++``):
2020-12-21 15:38:52 +01:00
2022-02-04 17:28:24 +01:00
[source,javascript]
2020-12-21 15:38:52 +01:00
----
document.location = document.location.hash.slice(1);
----
2021-04-28 18:08:03 +02:00
2020-12-21 15:38:52 +01:00
== Compliant Solution
2021-04-26 17:29:13 +02:00
The URL can be validated with an allowlist:
2020-12-21 15:38:52 +01:00
2022-02-04 17:28:24 +01:00
[source,javascript]
2020-12-21 15:38:52 +01:00
----
function isValidUrl(url) {
if(url.startsWith("https://www.example.com/")) {
return true;
}
return false;
}
if(isValidUrl(document.location.hash.slice(1))) {
document.location = document.location.hash.slice(1);
}
----
2021-04-28 18:08:03 +02:00
2021-10-28 10:07:16 +02:00
include::see.adoc[]
2021-04-28 18:08:03 +02:00
2021-09-20 15:38:42 +02:00
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
endif::env-github,rspecator-view[]
