Thursday, April 13, 2017

Validate the page URL against a reflected XSS attack


URL:
https://test.com/Support/Employee/AllItems.aspx/?--%3E%3C/script%3E%3Cscript%3Ealert(235213)%3C/script%3E

Opening the above URL shows an alert by default, because the markup in the query string is reflected into the page.
Solution for this:
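<script type="text/javascript">
       // Redirect to the URL without its query string when the address
       // contains one of the blocked tag names.
       var pageUrl = window.location.href;
       var lowerUrl = pageUrl.toLowerCase(); // match "SCRIPT" as well as "script"
       var cleanUrl = pageUrl.split("?")[0];
       var htmlTags = ["script", "style", "img", "font"];
       for (var i = 0; i < htmlTags.length; i++) {
           // Skip the redirect when nothing would change, to avoid a reload loop.
           if (lowerUrl.indexOf(htmlTags[i]) > -1 && cleanUrl !== pageUrl) {
               window.location.href = cleanUrl;
               break; // one match is enough
           }
       }
 </script>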

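With the above code in place, the page redirects to the URL without its query string and the alert no longer appears. Note that this is a client-side blocklist: it only helps if it runs before the point where the URL is reflected, and the reflected value should also be encoded on the server where it is written into the page.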
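The check above, generalised as an added example (not the blog author's code): rather than searching for tag names, it decodes the address and rejects any markup character, and it shows the output encoding that neutralises the same value when it is written into HTML or into an inline script. The function names and the set of rejected characters are assumptions.

```javascript
// Added example, not the blog's code. Function names are hypothetical.

// Constructed sample: the URL quoted in the post.
var SAMPLE_URL = "https://test.com/Support/Employee/AllItems.aspx/" +
    "?--%3E%3C/script%3E%3Cscript%3Ealert(235213)%3C/script%3E";

function stripQuery(href) {
    return href.split("?")[0].split("#")[0];
}

// Returns the URL to redirect to when the address carries markup
// characters after decoding, or null when the address is acceptable.
// Assumption: legitimate URLs of this site never contain < > or ".
function cleanUrlIfSuspicious(href) {
    var decoded;
    try {
        decoded = decodeURIComponent(href);
    } catch (e) {
        return stripQuery(href); // malformed %-sequence: treat as suspicious
    }
    return /[<>"]/.test(decoded) ? stripQuery(href) : null;
}

// Encode a value before writing it into HTML text or an attribute.
function encodeForHtml(value) {
    var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
    return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Encode a value before writing it into an inline script block: a JSON
// string literal whose < > & and line separators are \u-escaped, so the
// value cannot close the surrounding script element or HTML comment.
function encodeForScript(value) {
    return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, function (ch) {
        return "\\u" + ("0000" + ch.charCodeAt(0).toString(16)).slice(-4);
    });
}

// Browser use: run as early as possible in the page head.
if (typeof window !== "undefined") {
    var target = cleanUrlIfSuspicious(window.location.href);
    if (target !== null && target !== window.location.href) {
        window.location.replace(target);
    }
}
```

The two encoders stand in for the server-side encoding step; on the server the same rule applies with the platform's own encoder for each output context.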
