Cross-site scripting (DOM-based) Burp issues

August 28, 2018, at 07:10 AM

In a Burp Scanner report, I got the issue below:

The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to $() via the following statement:

     $(location).attr('href',"/MYAPP/home.action");

How can this be avoided? Will the solution below, prepending '/', work in this case, or will it still be exploitable?

     $(location).attr('href','/'+"MYAPP/home.action");
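
The flagged statement assigns a string literal, so the question only becomes a real one when part of the redirect target comes from a variable. The following is an added example, not part of the original post: a same-origin path check for that case, where `safeRedirectPath`, `naivePrefix` and the origin `https://app.example` are hypothetical names chosen for illustration.

```javascript
// Added example: names and origin are constructed, not from the original post.
const APP_ORIGIN = 'https://app.example'; // assumed application origin

// Return a same-origin path that is safe to assign to location.href, or null.
function safeRedirectPath(target, origin = APP_ORIGIN) {
  if (typeof target !== 'string') return null;
  // URL parsers strip tab/CR/LF and treat "\" like "/" for http(s) URLs,
  // so reject control characters and backslashes up front.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return null;
  // Require a single leading slash: rejects "//host" (protocol-relative)
  // and scheme-bearing values such as "javascript:..." or "https://...".
  if (!/^\/(?!\/)/.test(target)) return null;
  let url;
  try {
    url = new URL(target, origin);
  } catch {
    return null;
  }
  // Final check on the parsed result, not on the raw string.
  if (url.origin !== origin) return null;
  return url.pathname + url.search + url.hash;
}

// Prepending "/" is harmless for a literal, but it is not validation:
// a variable value that already starts with "/" becomes "//host/...".
function naivePrefix(target) {
  return '/' + target;
}

// Intended browser usage (commented out so the block also runs under Node):
//   const path = safeRedirectPath(userSuppliedTarget, window.location.origin);
//   window.location.assign(path !== null ? path : '/MYAPP/home.action');
```
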