Client XSS Exercise-7


Data Flow

Source of Data Data from Source Data to Sink Sink causing Execution
location.hash HTMLElement.innerHTML

Vulnerable Code


    let hash = location.hash;
    let hashValueToUse = hash.length > 1 ? unescape(hash.substr(1)) : hash;
    hashValueToUse = hashValueToUse.replace(/</g, "&lt;").replace(/>/g, "&gt;");
    let msg = "<a href='#user=" + hashValueToUse + "'>Welcome</a>!!";
    document.getElementById("msgboard").innerHTML = msg;