
Javascript Cordova Open Redirect

Description

Detects potential open redirect vulnerabilities in Cordova applications that use the InAppBrowser.open API. The issue occurs when an untrusted or unvalidated URL (for example, a value taken from the page's query string, a deep link, or a server response) is passed as the first argument of cordova.InAppBrowser.open(). An attacker who controls that value can send users to a malicious site, and because the page is opened from inside the app (or handed to the system browser with the '_system' target), the destination inherits the trust users place in the app, which makes phishing and credential theft more convincing.

Weakness:

156 - Uncontrolled external site redirect

Category: Deceptive Interactions

Detection Strategy

    Identifies calls to cordova.InAppBrowser.open in the JavaScript code

    Checks whether the first argument (the URL parameter) passed to open() comes from an untrusted source

    Reports a vulnerability when the URL parameter is derived from user input or another untrusted source and reaches the call without proper validation (an allowlist check or equivalent)

Vulnerable code example

function openExternalUrl() {
    // 'redirect' is attacker-controlled: anyone who can craft a link or deep link
    // into this page chooses its value
    const urlParams = new URLSearchParams(window.location.search);
    const targetUrl = urlParams.get('redirect');
    // VULNERABLE: opens the external URL without validation; '_system' hands it
    // straight to the device browser, so any destination the attacker picks is allowed
    cordova.InAppBrowser.open(targetUrl, '_system');
}

✅ Secure code example

function openExternalUrl() {
    const urlParams = new URLSearchParams(window.location.search);
    const targetUrl = urlParams.get('redirect');
    const allowedDomains = ['trusted-domain.com', 'api.trusted-domain.com'];
    
    try {
        const url = new URL(targetUrl);
        // Check if URL hostname matches any allowed domain...
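The secure example above breaks off before the hostname check. The following is an added example, not code from this page or from Cordova, showing one complete hardened version. It keeps the page's allowlist idea and adds the checks a reviewer would look for: the value must parse as an absolute URL (relative and protocol-relative values such as "//evil.com" are rejected by the parser when no base is given), the scheme must be https (which also excludes javascript:, file: and custom schemes), embedded credentials are refused, and the hostname must match an allowlist entry exactly, so a prefix check that would accept "trusted-domain.com.evil.com" or a substring check that would accept "evil.com/?r=trusted-domain.com" cannot be fooled. The names isAllowedRedirect, openTrustedUrl and ALLOWED_HOSTS, and the allowlist contents, are assumptions of this example; the opener callback is injected only so the validation can be exercised outside a Cordova webview.

```javascript
// Added example (not the rule page's or Cordova's own code): a hardened wrapper
// around cordova.InAppBrowser.open. ALLOWED_HOSTS, isAllowedRedirect and
// openTrustedUrl are names assumed for this example.

// Assumed allowlist; exact hostnames only, no wildcards.
const ALLOWED_HOSTS = ['trusted-domain.com', 'api.trusted-domain.com'];

/**
 * Returns the parsed URL when `raw` is safe to hand to InAppBrowser, else null.
 * Only absolute https URLs without credentials whose hostname is exactly on the
 * allowlist pass. Exact hostname comparison defeats "trusted-domain.com.evil.com"
 * (beats startsWith) and "evil.com/?r=trusted-domain.com" (beats includes).
 */
function isAllowedRedirect(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== 'string' || raw.trim() === '') return null;
  let url;
  try {
    // Relative ("/path"), protocol-relative ("//evil.com") and malformed input
    // throw here because no base URL is supplied.
    url = new URL(raw);
  } catch (e) {
    return null;
  }
  // Scheme check blocks http:, javascript:, file:, intent: and any custom scheme.
  if (url.protocol !== 'https:') return null;
  // "https://evil.com@trusted-domain.com" parses with hostname trusted-domain.com;
  // refuse userinfo anyway, since it is a classic way to confuse reviewers and logs.
  if (url.username !== '' || url.password !== '') return null;
  // The URL parser already lower-cases the host; compare against the allowlist exactly.
  if (!allowedHosts.includes(url.hostname)) return null;
  return url;
}

/**
 * Safe counterpart of the vulnerable openExternalUrl(): reads ?redirect= from the
 * given query string, validates it and only then calls the opener. Returns the
 * URL that was opened, or null when the value was rejected and nothing was opened.
 * `opener` is injected so the logic can be tested outside a Cordova webview; in the
 * app it would be (u, t) => cordova.InAppBrowser.open(u, t).
 */
function openTrustedUrl(search, opener) {
  const raw = new URLSearchParams(search).get('redirect');
  const url = isAllowedRedirect(raw);
  if (url === null) {
    // Do not fall back to opening the supplied value in any form.
    return null;
  }
  // Pass the normalised href rather than the raw string.
  opener(url.href, '_system');
  return url.href;
}

// Inside the Cordova app (cordova.InAppBrowser only exists in the webview):
// openTrustedUrl(window.location.search, (u, t) => cordova.InAppBrowser.open(u, t));
```

Two caveats a practitioner should keep in mind: the allowlist must hold exact hostnames, since matching on a suffix such as ".trusted-domain.com" re-opens the door to lookalike subdomains only if the check is written as a string suffix test rather than a label-aware one; and if the app must open arbitrary third-party links, the right pattern is an interstitial that shows the destination and requires a tap, not a weaker validation.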