javascript - Document Object Model (DOM) Cross-Site Scripting (XSS) vulnerability .js -
I am not a JavaScript coder, but I have an issue. Apparently the code below uses location.href and document.write() without escaping the location.href source, causing a Document Object Model (DOM) cross-site scripting (XSS) vulnerability. Any suggestions on how to fix it?
// Excerpt from the middle of an object literal (apparently the `_stns` object it
// refers to). It starts inside one method and breaks off inside fsgetdocmd, so the
// braces do not balance within this fragment.
// NOTE(review): the paste appears to have been lower-cased, and the loop variable
// is missing in `for(var in ...)` although the body uses `i`. Confirm against the
// real file before changing anything.
if(!_stns.bloaded){
  // Markup accumulator: everything appended to s is later parsed as HTML.
  var s="";
  for(var in _stns.oimgs){
    // Entries already set to 2 are skipped; every entry is set to 2 afterwards.
    if(_stns.oimgs[i]!=2){
      // fsgettag / fsgetimgtag are not shown here. Presumably they return tag
      // strings (a hidden <div> around an image tag); verify what they interpolate.
      s+=_stns.fsgettag("div","style=\"display:none\"",_stns.fsgetimgtag(i,-1,-1));
    }
    _stns.oimgs[i]=2;
  }
  // SINK: document.write() parses s as HTML. Any URL-derived or otherwise
  // externally influenced value that the tag helpers concatenate into s must be
  // HTML/attribute-encoded first. Alternatively, build the nodes with
  // createElement/setAttribute instead of string concatenation.
  document.write(s);
}
// The leading "}" closes the enclosing method, which starts before this excerpt.
// SOURCE: surl stores window.location.href as a string. The page URL, including
// its query string and fragment, can be chosen by whoever crafts the link, so
// surl must be treated as untrusted wherever it is read.
// NOTE(review): this fragment does not show surl reaching document.write. Trace
// every read of surl (and sdir, if it is derived from it) to an HTML sink and
// encode or validate the value there.
},bisie:false,bismie:false,bisfx:false,bisop:false,bissf:false,biskq:false,onav:null,brtl:false,sdocmd:null,surl:window.location.href+"",sdir:null,blocal:false,fsgetdocmd:function(w){
  // Use the current window when no window object is passed in.
  var w=w||window;
  // Maps the document's compat mode to "quirks" or "css1".
  // NOTE(review): the DOM property is document.compatMode, with the values
  // "BackCompat" and "CSS1Compat". The lower-case spelling here is presumably
  // an artifact of the paste.
  switch(w.document.compatmode){
    case "quirksmode": case "backcompat": return "quirks";
    case "css1compat": return "css1";
    // The fallback reads the global document rather than w.document.
    default: return document.compatmode;
  }