Cross-site scripting (DOM-based) burp issues

August 28, 2018, at 07:10 AM

In Burp Scanner Report, I got below issue

The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to $() via the following statement:

     $(location).attr('href',"/MYAPP/home.action");

How this can be avoided. Will below solution to prepend '/' work in this case or it will be still exploitable

     $(location).attr('href','/'+"MYAPP/home.action");

POPULAR ONLINE

Show content on a hovering div without affecting the height of div

A JSON database with behaviour like this file script

WooCommerce wc_add_notice() with custom notice_type and cart update

Learn, Share, Build

Visual Studio 2017 can't change project.csproj's <TypescriptModuleKind> for typescript transpiling

Infinite Loop of two ajax calls keep loading the page and not call success function

I run two functions that each one of this run ajax call in itAnd if call was success it calls that function again (infinite loop)

jQuery

Hardtime to select elements from a Hubspot generated form with jQuery

Someone gave me a javascript code coming from HubSpot to generate a form (I can't change directly the style of that form as I don't have the credentials)Thus, here is the code I'm using for generate the form:

jQuery

Using JQuery to set focus on a textbox based on it's CSS class

I'm trying to select all of the text in a textbox when the user sets focus to itI only want to do this for specific textboxes, and using the class assigned to them seems to be the simplest way

jQuery

Jquery MagicLine - issue when header is sticky

I have wordpress website, with blog post filtering on home pageWhen you click on one of the filters - the posts changing by the category of the chosen filter