Here is my jQuery code snippet:
var testURL = $(location).attr('search').split('&');
....
$(location).attr('search',testURL.join('&'));
Is the attr() method XSS safe? It looks like not, as I did not find anything related to escaping in the docs. If not, how can I escape it?
UPDATE:
Basically, my question is in the context of both getting and setting. First I am getting $(location).attr('search').split('&'); and doing a split on it. Can there be any harm here if the query string contains malicious data?
Also, while setting I am doing $(location).attr('search',testURL.join('&')); what if testURL contains malicious data?
$(location).attr('search', whatever);
is equivalent to
location.search = whatever;
So it's no more or less safe than the plain JavaScript version.
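To go with the answer above, an added example that is not part of the original post: assigning to location.search only navigates, so the places that need care are how the query string is rebuilt and how its values are later written into the page. The function names and the sample query string are constructed for illustration.

```javascript
// Added example (not from the original post). Function names and sample
// inputs are constructed for illustration.

// Rebuild a query string with one parameter changed. URLSearchParams
// percent-encodes names and values, so a value containing '&' or '='
// stays one value instead of turning into extra parameters, which can
// happen when an unencoded value is joined by hand with join('&').
function setQueryParam(search, name, value) {
  const params = new URLSearchParams(search); // accepts a leading '?'
  params.set(name, value);
  const out = params.toString();
  return out ? '?' + out : '';
}

// Read one parameter, percent-decoded. Returns null when it is absent.
function getQueryParam(search, name) {
  return new URLSearchParams(search).get(name);
}

// Escape a string before placing it in HTML text or a quoted attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample: what location.search might hold.
const sampleSearch = '?page=2&q=%3Cb%3Ehi%3C%2Fb%3E';

const updated = setQueryParam(sampleSearch, 'q', 'a&admin=1');
// updated === '?page=2&q=a%26admin%3D1'
// In a browser: location.search = updated;  (navigates, runs no script)

const rawQ = getQueryParam(sampleSearch, 'q'); // '<b>hi</b>'
const safeQ = escapeHtml(rawQ);                // '&lt;b&gt;hi&lt;/b&gt;'
// In a browser, $(el).text(rawQ) inserts the value as text; $(el).html(rawQ)
// would parse it as markup, which is where escaping matters.
```
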