
Is jQuery .attr() method XSS safe?

Here is my jQuery code snippet:

       var testURL = $(location).attr('search').split('&');
       ....
       $(location).attr('search',testURL.join('&'));

Is the attr() method XSS safe? It looks like it is not, as I did not find anything related to escaping in the docs. If not, how can I escape it?

UPDATE:

Basically my question is in the context of both getting and setting. First I am getting $(location).attr('search').split('&'); and doing a split on it. Can there be any harm here if the query string contains malicious data?

Also, while setting I am doing $(location).attr('search',testURL.join('&')); what if testURL contains malicious data?

    $(location).attr('search', whatever);

is equivalent to

    location.search = whatever;

So it's no more or less safe than the plain JavaScript version.
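As an added example (not part of the original question or answer), the code below compares the question's split/join rewrite of the query string with the same edit done through `URLSearchParams`, and shows what the `search` setter does with markup characters. The function names, the `example.test` URL and the sample values are constructed for illustration.

```javascript
// Added example. Runs in Node.js or a browser: URL and URLSearchParams
// are standard in both. All names and sample values are constructed.

// The pattern from the question: split on '&', edit one pair, join again.
// Nothing is encoded, so a value containing '&' or '=' alters the parameter list.
function setParamBySplit(search, name, value) {
  const pairs = search.replace(/^\?/, '').split('&').filter(Boolean);
  const kept = pairs.filter((p) => p.split('=')[0] !== name);
  kept.push(name + '=' + value);
  return '?' + kept.join('&');
}

// The same edit through URLSearchParams, which percent-encodes names and values.
function setParamEncoded(search, name, value) {
  const params = new URLSearchParams(search);
  params.set(name, value);
  return '?' + params.toString();
}

// Assigning to .search stores the value as URL text; '<' and '>' are
// percent-encoded by the URL parser, nothing is interpreted as HTML.
// In a browser, location.search = ... additionally navigates to the new URL.
function assignSearch(href, search) {
  const url = new URL(href);
  url.search = search;
  return url.href;
}

const untrusted = 'x&admin=1'; // constructed sample value

const bySplit = setParamBySplit('?page=2&q=old', 'q', untrusted);
console.log(bySplit);                                   // extra "admin" pair appears
console.log(new URLSearchParams(bySplit).get('admin')); // "1"

const encoded = setParamEncoded('?page=2&q=old', 'q', untrusted);
console.log(encoded);                                   // '&' and '=' are encoded
console.log(new URLSearchParams(encoded).get('q'));     // round-trips to the input

console.log(assignSearch('https://example.test/page?old=1', 'q=<b>x</b>'));
```

The setter itself writes URL text, not markup; a value read back from the query string still needs output encoding at whatever HTML sink later displays it.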
