[Esapi-user] Javascript security vulnerability - top.location.href

Bina Keshava bina.keshava at gmail.com
Fri Sep 7 10:55:41 UTC 2012


Hi,

How can I prevent an XSS vulnerability in JavaScript?

The HP WebInspect tool is reporting the following to be an issue:

    // Returns the raw URL fragment (everything after "#") of the top-level
    // window's URL, or null when the URL has no fragment.
    function _getHash() {

        var href;
        var i;

        href = top.location.href;
        i = href.indexOf( "#" );
        return i >= 0 ? href.substr( i + 1 ) : null;
    }


The error it reports is:

Source: Read ~localScope.~parent.~parent.top.location.href from __getHash



Any suggestions on how I can use the ESAPI APIs to fix this?

Thanks
Bina
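The scanner flags top.location.href as a taint source: the fragment is attacker-controlled (anyone can craft a link with an arbitrary "#..." suffix), so what matters is the sink the returned value reaches, which the post does not show. The example below is added here and is not code from the original post or from the ESAPI project. It reproduces the posted extraction with the href passed in as a parameter (so it runs outside a browser), then shows the two defences a reviewer would ask for: validate the fragment against the exact shape the page needs, or HTML-encode it before it is concatenated into markup. The regular expression, the sample URLs, the encodeForHTML stand-in and buildHeading are all assumptions made for this example; ESAPI4JS ships its own HTML encoder, which would replace the stand-in in a real fix.

```javascript
"use strict";

// Added example, not from the original post or from ESAPI.
// Same extraction as the posted _getHash(), with the href injected so the
// logic can be exercised on constructed URLs outside a browser.
function getHash(href) {
  const i = href.indexOf("#");
  return i >= 0 ? href.substr(i + 1) : null;
}

// Defence 1: validate. The page only ever needs an anchor id, so only a
// fragment matching that shape is accepted; anything else is rejected
// outright rather than "cleaned". Pattern and length limit are assumptions.
const ANCHOR_ID = /^[A-Za-z0-9_-]{1,64}$/;

function getValidatedHash(href) {
  const raw = getHash(href);
  if (raw === null) return null;
  let decoded;
  try {
    // Decode once so a %-encoded "<" cannot slip past the pattern, and treat
    // a malformed escape sequence (URIError) as invalid input.
    decoded = decodeURIComponent(raw);
  } catch (e) {
    return null;
  }
  return ANCHOR_ID.test(decoded) ? decoded : null;
}

// Defence 2: encode. If the fragment genuinely must appear inside HTML,
// escape it for an HTML text context first. Minimal stand-in written for
// this example (assumption); a library encoder such as ESAPI4JS's would be
// used in a real page.
function encodeForHTML(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Simulated sink: the kind of string concatenation that, once assigned to
// innerHTML, turns the fragment into live markup. With encode=false this is
// the DOM-XSS pattern the scanner is warning about; with encode=true the
// payload survives only as inert text.
function buildHeading(fragment, encode) {
  const text = encode ? encodeForHTML(fragment) : fragment;
  return "<h2>Section: " + text + "</h2>";
}

// Constructed sample inputs for demonstration.
const BENIGN_URL = "https://example.com/page#section-2";
const ATTACK_URL = "https://example.com/page#<img src=x onerror=alert(1)>";

// Walk one URL through both defences and report what each would let through.
function triage(href) {
  const raw = getHash(href);
  return {
    raw: raw,
    validated: getValidatedHash(href),
    unsafeHtml: raw === null ? null : buildHeading(raw, false),
    safeHtml: raw === null ? null : buildHeading(raw, true),
  };
}

console.log(triage(BENIGN_URL));
console.log(triage(ATTACK_URL));
```

One caveat on the source itself: when the script runs inside a frame whose top-level document is a different origin, reading top.location.href throws a SecurityError in current browsers, so code that depends on it should also be prepared for that read to fail.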
