2021-04-28 18:08:03 +02:00
DOM open redirect vulnerabilities occur when user-controlled data like the ``++document.location.hash++`` property is directly used to perform redirections.
User-controlled data should always be considered untrusted and validated before being used to modify the DOM.
2020-12-21 15:38:52 +01:00
== Noncompliant Code Example
2021-04-26 17:29:13 +02:00
Example of DOM open redirect vulnerability (``++http://vulnerable/page.html#\https://www.attacker.com/++``):
2020-12-21 15:38:52 +01:00
----
document.location = document.location.hash.slice(1);
----
2021-04-28 18:08:03 +02:00
2020-12-21 15:38:52 +01:00
== Compliant Solution
2021-04-26 17:29:13 +02:00
The URL can be validated with an allowlist:
2020-12-21 15:38:52 +01:00
----
function isValidUrl(url) {
if(url.startsWith("https://www.example.com/")) {
return true;
}
return false;
}
if(isValidUrl(document.location.hash.slice(1))) {
document.location = document.location.hash.slice(1);
}
----
2021-04-28 18:08:03 +02:00
== See
* https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
* https://cwe.mitre.org/data/definitions/601.html[MITRE, CWE-601] - URL Redirection to Untrusted Site ('Open Redirect')
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
