DOM open redirect vulnerabilities occur when user-controlled data like the ``++document.location.hash++`` property is directly used to perform redirections.


User-controlled data should always be considered untrusted and validated before being used to modify the DOM.


== Noncompliant Code Example

Example of DOM open redirect vulnerability (``++http://vulnerable/page.html#https://www.attacker.com/++``):

[source,javascript]
----
document.location = document.location.hash.slice(1);
----


== Compliant Solution

The URL can be validated with an allowlist:

[source,javascript]
----
function isValidUrl(url) {
  if(url.startsWith("https://www.example.com/")) {
    return true;
  }

  return false;
}

if(isValidUrl(document.location.hash.slice(1))) {
   document.location = document.location.hash.slice(1);
}
----

include::see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

endif::env-github,rspecator-view[]