URL:
https://test.com/Support/Employee/AllItems.aspx/?--%3E%3C/script%3E%3Cscript%3Ealert(235213)%3C/script%3E
Opening the above URL shows an alert by default.
Solution for this:
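<script type="text/javascript">
    // Strip the query string when it contains one of the listed tag names.
    var pageUrl = window.location.href;
    var queryStart = pageUrl.indexOf("?");
    var htmlTags = ["script", "style", "img", "font"];
    if (queryStart > -1) {
        // Check only the query string, case-insensitively, so that a path
        // containing a tag name does not cause an endless reload.
        var query = pageUrl.substring(queryStart).toLowerCase();
        for (var i = 0; i < htmlTags.length; i++) {
            if (query.indexOf(htmlTags[i]) > -1) {
                // Reload the page without the query string.
                window.location.href = pageUrl.substring(0, queryStart);
                break;
            }
        }
    }
</script>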
The above code removes the alert.
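A stricter version of the same redirect, as an added example that is not part of the original post: instead of looking for a fixed list of tag names, it percent-decodes the query string and fragment and redirects only when they contain markup characters. The names `MARKUP_CHARS`, `decodeFully` and `safeRedirectTarget` are hypothetical.

```javascript
// Added example; MARKUP_CHARS, decodeFully and safeRedirectTarget are hypothetical names.
// Characters that let a value break out of an HTML or script context.
const MARKUP_CHARS = /[<>"'`]/;

// Percent-decode repeatedly so double-encoded input (%253C) is also caught.
function decodeFully(text, maxRounds = 3) {
  let current = text;
  for (let round = 0; round < maxRounds; round++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      return null; // malformed percent-encoding: treat as suspicious
    }
    if (next === current) break; // nothing left to decode
    current = next;
  }
  return current;
}

// Returns the URL to redirect to, or null when the current URL can stay as it is.
function safeRedirectTarget(href) {
  const url = new URL(href);
  const untrusted = url.search + url.hash;
  if (untrusted === "") return null; // nothing to strip, so never reload in a loop
  const decoded = decodeFully(untrusted);
  if (decoded !== null && !MARKUP_CHARS.test(decoded)) return null;
  return url.origin + url.pathname; // same page without query string and fragment
}

// In the browser (guarded so the file also loads outside a browser):
if (typeof window !== "undefined") {
  const target = safeRedirectTarget(window.location.href);
  if (target !== null) window.location.replace(target);
}
```

This check runs only once the page has started loading, so the server-side code that writes the URL into the page still needs to encode it.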