CodeQL documentation

Client-side cross-site scripting

ID: js/xss
Kind: path-problem
Security severity: 7.8
Severity: error
Precision: high
Tags:
  - security
  - external/cwe/cwe-079
  - external/cwe/cwe-116
Query suites:
  - javascript-code-scanning.qls
  - javascript-security-extended.qls
  - javascript-security-and-quality.qls


Directly writing user input (for example, a URL query parameter) to a web page without first sanitizing that input allows a cross-site scripting vulnerability.

This kind of vulnerability is also called DOM-based cross-site scripting, to distinguish it from other types of cross-site scripting.

Recommendation

To guard against cross-site scripting, consider using contextual output encoding/escaping before writing user input to the page, or one of the other solutions that are mentioned in the references.

Example

The following example shows part of the page URL being written directly to the document, leaving the website vulnerable to cross-site scripting.

    function setLanguageOptions() {
        // Source: the page URL, which an attacker can control (e.g. via a crafted link).
        var href = document.location.href,
            // The raw text after "default=" is taken without any decoding or escaping.
            deflt = href.substring(href.indexOf("default=") + 8);
        // Sink: the untrusted value is concatenated straight into markup written to the document.
        document.write("<OPTION value=1>" + deflt + "</OPTION>");
        document.write("<OPTION value=2>English</OPTION>");
    }
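As an added example, not part of the CodeQL documentation, the following places the vulnerable concatenation from the snippet above beside a hardened version that applies the contextual HTML output encoding the recommendation calls for. The function names, the escapeHtml helper and the sample URLs are constructed for this illustration; the document object is passed in as a parameter so the code also runs under Node without a browser.

```javascript
// Added example: vulnerable vs. hardened handling of the "default=" parameter.

// Mirrors the original snippet: slice the raw href after "default=", no decoding, no escaping.
function extractDefaultRaw(href) {
  const marker = "default=";
  const idx = href.indexOf(marker);
  return idx === -1 ? "" : href.substring(idx + marker.length);
}

// Vulnerable (as on the page): the untrusted value lands unchanged inside the markup.
function buildOptionsUnsafe(href) {
  const deflt = extractDefaultRaw(href);
  return "<OPTION value=1>" + deflt + "</OPTION>" + "<OPTION value=2>English</OPTION>";
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Contextual encoding for the HTML element-content context the value is written into.
// (A value placed in a JavaScript or URL context would need a different encoder.)
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Parse the parameter properly instead of slicing the href. URLSearchParams also
// percent-decodes, so encoded metacharacters are decoded before they are escaped,
// rather than slipping through the encoder in encoded form.
function getDefaultLanguage(href) {
  try {
    return new URL(href).searchParams.get("default") || "";
  } catch {
    return ""; // malformed URL: fall back to no default rather than to raw text
  }
}

// Hardened: same output shape, but the untrusted value is HTML-encoded first.
function buildOptionsSafe(href) {
  const deflt = escapeHtml(getDefaultLanguage(href));
  return "<OPTION value=1>" + deflt + "</OPTION>" + "<OPTION value=2>English</OPTION>";
}

// Drop-in replacement for the page's setLanguageOptions. `doc` defaults to the
// browser's global document; under Node a stub with `location.href` and `write` works.
function setLanguageOptionsSafe(doc = globalThis.document, href = doc.location.href) {
  doc.write(buildOptionsSafe(href));
}
```

Building the options with createElement and textContent instead of document.write avoids string-assembled markup entirely and is the better fix where the surrounding code allows it.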

References

