0

Which XSS attacks could be done when redirecting with window.location and user input data?

I think these ones:

  • User can write a post with a title that contains http:// so the end user ends up on a bad site.
  • User can write a post with the title "javascript:EvilCode()". I think this will be executed in some browsers?
4

1 Answer

3

If you don't URL-encode the data first, you might allow XSS.

Answered 2012-10-16T11:15:25.007
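An added example, not part of the original question or answer: the two cases from the question handled before the value reaches `window.location`. `SITE_ORIGIN`, the `/posts/` path and all function names are assumptions made for illustration.

```javascript
// Hypothetical site origin; replace with the application's own.
const SITE_ORIGIN = "https://forum.example";

// Case 1: the title is only data. URL-encoding it means it can never be
// more than a single path segment, so it cannot pick the scheme or host.
function postUrlFromTitle(title) {
  return new URL("/posts/" + encodeURIComponent(title), SITE_ORIGIN).href;
}

// Case 2: a whole URL has to be accepted (for example a "next" parameter).
// Parse it the way the browser would, then allow only http(s) on our origin.
function safeRedirectTarget(input, origin = SITE_ORIGIN) {
  let url;
  try {
    url = new URL(input, origin); // relative input resolves against origin
  } catch {
    return null; // not parseable as a URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  if (url.origin !== origin) return null; // off-site target
  return url.href;
}

// The sink: "loc" is window.location in a browser; it is passed in so the
// function can also be exercised outside one.
function redirect(input, loc) {
  loc.assign(safeRedirectTarget(input) ?? SITE_ORIGIN + "/");
}

// Constructed sample inputs, including the two from the question.
const samples = [
  "/posts/42",
  "javascript:EvilCode()",
  "java\tscript:EvilCode()", // the URL parser strips tabs and newlines
  "http://evil.example/",
  "//evil.example/x",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

In a page this would be called as `redirect(userValue, window.location)`; rejected values fall back to the site root.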