I'm not the strongest JS user, but I need it and wrote some code for my web page that works on Apache and PHP. In my AJAX request I have the following code:
if (dataX['var1'] == '1.1' || dataX['var1'] == '2.1') { window.location.href = '<domain>' }
If I use XSStrike to check for potential vulnerabilities on my system, I get messages that it may be injectable.
Can someone help me fix it? Do I need like a freeze or something to fix it? Sorry, I don't know how an attacker can use this. Thanks for any helpful help. Good luck.
What have I tried? I tried asking on that channel? !
If <domain> can contain arbitrary unchecked strings, then if an attacker has previously successfully saved any string they wanted as "domain", they will gain access to your page scope. In this case, it's highly questionable what they could do except redirect to their server, since the code in <domain> won't be executed due to the page change. I'm not sure about a location
Or just change the hash
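One way to constrain the redirect discussed above, shown as an added example that is not code from the question or the answer: the value used for <domain> is parsed and checked against a fixed host allowlist before it reaches window.location.href. The names ALLOWED_HOSTS, BASE_URL, safeRedirectTarget and handleResponse are hypothetical, example.com is a placeholder for the site's own host, and the inputs are constructed.

```javascript
// Added example. ALLOWED_HOSTS, BASE_URL, safeRedirectTarget and handleResponse
// are hypothetical names; example.com stands in for the site's own host.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);
const BASE_URL = 'https://example.com/';

// Returns a normalized absolute URL if `candidate` is safe to navigate to,
// otherwise `fallback`.
function safeRedirectTarget(candidate, fallback = BASE_URL) {
  if (typeof candidate !== 'string' || candidate === '') return fallback;
  let url;
  try {
    // Parse the way the browser would, resolving relative values against the
    // site itself, so "//host/path" and "/path" are judged by where they lead.
    url = new URL(candidate, BASE_URL);
  } catch (err) {
    return fallback;
  }
  // Only https: navigation; this rejects javascript:, data: and http: alike.
  if (url.protocol !== 'https:') return fallback;
  // Compare the parsed hostname exactly; substring or prefix checks would
  // accept look-alike hosts.
  if (!ALLOWED_HOSTS.has(url.hostname)) return fallback;
  // Refuse embedded credentials, which can disguise the real host.
  if (url.username !== '' || url.password !== '') return fallback;
  return url.href;
}

// The check from the question, with the destination validated first.
// In the browser, pass navigate = (u) => { window.location.href = u; }.
function handleResponse(dataX, domain, navigate) {
  if (dataX['var1'] === '1.1' || dataX['var1'] === '2.1') {
    const target = safeRedirectTarget(domain);
    navigate(target);
    return target;
  }
  return null;
}
```

Validating where the string is stored is still worthwhile, but checking at the point of navigation covers values that were saved before any validation existed.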