Is this code vulnerable to DOM based XSS? jquery wrap()

Asked Feb 03 '19 at 17:58

Active Feb 03 '19 at 18:28

Viewed 437 times

Data is read from window.location and passed to the wrap() function of function of jQuery via the following statement:

t.Location.wrap(window.location)

The version of jQuery in use is the 1.12.1 - Is this code vulnerable to DOM based XSS?

edited Feb 03 '19 at 18:28

Joe

asked Feb 03 '19 at 17:58

John Flow

Difficult to tell when we don't know what `t.Location` is. Would you be willing to add more context and detail to your question? – EdOverflow Feb 04 '19 at 16:37
try it with a script tag. if it calls `.html()` internally, it's likely vulnerable. – dandavis Feb 04 '19 at 21:54

0 Answers0