45 lines
963 B
Plaintext
45 lines
963 B
Plaintext
DOM open redirect vulnerabilities occur when user-controlled data like the ``++document.location.hash++`` property is directly used to perform redirections.
|
|
|
|
|
|
User-controlled data should always be considered untrusted and validated before being used to modify the DOM.
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
Example of DOM open redirect vulnerability (``++http://vulnerable/page.html#https://www.attacker.com/++``):
|
|
|
|
----
|
|
document.location = document.location.hash.slice(1);
|
|
----
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
The URL can be validated with an allowlist:
|
|
|
|
----
|
|
function isValidUrl(url) {
|
|
if(url.startsWith("https://www.example.com/")) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
if(isValidUrl(document.location.hash.slice(1))) {
|
|
document.location = document.location.hash.slice(1);
|
|
}
|
|
----
|
|
|
|
include::see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|