Client XSS Exercise-7
Data Flow
| Source of Data | Data from Source | Data to Sink | Sink causing Execution | |||
|---|---|---|---|---|---|---|
| location.hash | HTMLElement.innerHTML |
Vulnerable Code
let hash = location.hash;
let hashValueToUse = hash.length > 1 ? unescape(hash.substr(1)) : hash;
hashValueToUse = hashValueToUse.replace(/</g, "<").replace(/>/g, ">");
let msg = "<a href='#user=" + hashValueToUse + "'>Welcome</a>!!";
document.getElementById("msgboard").innerHTML = msg;