Javascript Dom Open Redirect
Description
Detects DOM-based open redirect vulnerabilities in JavaScript code where user-controlled input can influence navigation to arbitrary URLs. These vulnerabilities occur when untrusted data is used in methods or assignments that control page redirection without proper validation, potentially allowing attackers to redirect users to malicious sites.
Detection Strategy
• Identifies assignments to dangerous redirect-related properties like window.location, location.href, or document.location
• Detects calls to redirection methods like window.open(), location.replace(), or location.assign() with unvalidated input
• Analyzes data flow to check if the URL destination is derived from user-controllable sources like URL parameters, document.referrer, or window.name
• Reports a vulnerability when redirect targets can be influenced by user input without proper URL validation or sanitization checks
Vulnerable code example
// Get redirect URL from query parameter
const params = new URLSearchParams(window.location.search);
const redirectUrl = params.get("next");
window.location.href = redirectUrl; // Vulnerable: Direct assignment of user-controlled URL parameter
✅ Secure code example
// Get redirect URL from query parameter
const params = new URLSearchParams(window.location.search);
const redirectUrl = params.get("next");
// Only allow same-origin relative paths. A bare startsWith("/") is not enough:
// "//evil.example" and "/\evil.example" both start with "/" but browsers resolve them
// as protocol-relative URLs to another host, so also reject "/" or "\" in the second position
if (redirectUrl && /^\/(?![\/\\])/.test(redirectUrl)) {
  window.location.href = redirectUrl; // Safe: Only relative paths on the current origin allowed
} else {
  window.location.href = "/"; // Fall back to a safe default instead of trusting the parameter
}
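The check above works on the string form of the parameter. A more robust approach, shown here as an added example that is not part of the original page, is to resolve the value with the WHATWG URL parser (the same parser the browser uses for navigation) and require the result to stay on the application's own origin. The block runs the naive startsWith("/") check and the parser-based check side by side over a constructed list of open-redirect payloads. The origin https://app.example.com, the function names safeRedirectTarget, naiveCheckPasses and compareChecks, and the payload list are assumptions made for the example.

```javascript
// Added example (not from the original page): a redirect-target validator built on
// the WHATWG URL parser, beside the naive startsWith("/") check, run against a
// constructed list of open-redirect payloads. Origin and function names are assumed.

// The origin the application is served from (assumption for this example).
const APP_ORIGIN = "https://app.example.com";

// Naive check: "relative paths only". It passes protocol-relative forms such as
// "//evil.example" and "/\evil.example", which browsers resolve to another host.
function naiveCheckPasses(raw) {
  return typeof raw === "string" && raw.startsWith("/");
}

// Hardened check: resolve the value against the app origin exactly as the browser
// would, then require the resolved origin to match. Returns a relative target
// (pathname + search + hash) on success, or the fallback on any failure, so the
// caller never receives another host, a userinfo trick or a javascript: URL.
function safeRedirectTarget(raw, origin = APP_ORIGIN, fallback = "/") {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  let url;
  try {
    // The parser normalises "//host", "/\host", "\\host" and "user@host" the way browsers do
    url = new URL(raw, origin);
  } catch (e) {
    return fallback; // unparsable input (e.g. "https://" with an empty host)
  }
  // Different host, or origin "null" for schemes such as javascript: and data:
  if (url.origin !== origin) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed payloads: what the naive check passes versus what the hardened check keeps.
const PAYLOADS = [
  "/account?tab=security",                    // legitimate relative path
  "//evil.example/phish",                     // protocol-relative URL
  "/\\evil.example/phish",                    // backslash form, normalised to "//" by browsers
  "\\\\evil.example/phish",                   // double backslash
  "https://app.example.com@evil.example/",    // userinfo trick: real host is evil.example
  "https://app.example.com.evil.example/",    // look-alike host
  "https://app.example.com/settings#billing", // absolute URL on the app's own origin
  "javascript:alert(document.domain)",        // scheme that executes script
];

// Evaluate every payload with both checks; returns one record per payload.
function compareChecks(payloads = PAYLOADS) {
  return payloads.map((p) => ({
    payload: p,
    naivePasses: naiveCheckPasses(p),
    hardenedTarget: safeRedirectTarget(p),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(compareChecks());
}
```

Returning only pathname, search and hash (rather than the parsed href) means the value handed to window.location.href can never be an absolute URL, even if the origin comparison were somehow bypassed. The same function can be reused server-side for a Location header, since Node exposes the same URL class.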