window.history.replaceState vulnerabilities potential in foundation.reveal #11380
Comments
This is not a security vulnerability imho. Also, this depends on the HTML and is the same way it is done in other frameworks and libraries that do deep linking.
Not true, as this is only controllable from the HTML, not in the browser URL. Also, this just replaces the URL.
This is the id of the reveal.
We do not use the search param or any other user-controlled value ;-) I see no real security issue. Just a replacement with the id from the DOM.
Closing as we did not receive any further information.
What should happen?
What happens instead?
manipulation of browser history
Possible Solution
```js
window.history.replaceState('', document.title, window.location.href.replace(`#${this.id}`, ''));
```
replaceState shouldn't be assigned directly from the href URL
Test Case and/or Steps to Reproduce
Test Case:
Discovered by Burp Suite, you can manipulate the history by passing query string or hash
How to reproduce:
1.
2.
3.
Context
Your Environment
Checklist (all required):
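The rewrite quoted under "Possible Solution", modeled as an added example (not Foundation's code and not part of the issue thread) so it can be run in Node against constructed URLs and checked for which URL components it changes. `revealId` stands in for `this.id`; `strictRewrite`, `changedParts` and the sample URLs are assumptions of this example.

```javascript
// Added example: models the URL rewrite from the issue outside a browser.
// `revealId` stands in for `this.id`, which the maintainers say comes from the DOM.

// The expression quoted in the issue, as a pure function of href and id.
function quotedRewrite(href, revealId) {
  return href.replace(`#${revealId}`, '');
}

// Stricter variant (an assumption of this example, not Foundation's code):
// clear the fragment only when it is exactly the reveal's id.
function strictRewrite(href, revealId) {
  const url = new URL(href);
  if (url.hash === `#${revealId}`) url.hash = '';
  return url.href;
}

// Which URL components differ between the current URL and the rewritten one.
// history.replaceState rejects a cross-origin URL, so 'origin' must never appear.
function changedParts(before, after) {
  const a = new URL(before);
  const b = new URL(after);
  return ['origin', 'pathname', 'search', 'hash'].filter((k) => a[k] !== b[k]);
}

// Constructed sample URLs (hypothetical host), reveal id "exampleModal".
const SAMPLES = [
  // Fragment equals the id; the query string is whatever the visitor supplied.
  'https://app.example.test/docs?next=//other.example.test#exampleModal',
  // Fragment merely starts with the id.
  'https://app.example.test/docs?tab=1#exampleModal2',
  // Id text appears in the query but not as a fragment.
  'https://app.example.test/docs?q=exampleModal',
];

function report(revealId) {
  return SAMPLES.map((href) => {
    const quoted = quotedRewrite(href, revealId);
    const strict = strictRewrite(href, revealId);
    return {
      href,
      quoted,
      quotedChanged: changedParts(href, quoted),
      strict,
      strictChanged: changedParts(href, strict),
    };
  });
}

console.log(JSON.stringify(report('exampleModal'), null, 2));
```

In the first and third samples the query string passes through unchanged and the origin never differs; the two functions disagree only on the second sample, where the plain string replace joins the leftover fragment character onto the query.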