www.webdeveloper.com

Thread: Is this javascript vulnerable for XSS?

  1. #1
    Join Date
    Oct 2012
    Posts
    2

    Is this javascript vulnerable for XSS?

    I'm wondering if this code is vulnerable to XSS attacks?

    Javascript function:
    Code:
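    function viewImage(i) {
    	// Declare img locally so it does not leak as an implicit global
    	var img = document.getElementById("largesize");
    	// Copy the clicked thumbnail's URL onto the large image
    	img.src = i.src;
    }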
    and the call to the function in the code:
    Code:
    <img src="photos/image1.jpg" onclick="viewImage(this)">
    <img src="photos/image2.jpg" onclick="viewImage(this)">
    etc

    Is it somehow possible to call the function with other values than the one in the code and enter malicious code?

    Is it safer or unsafer to call the function like this instead?
    Code:
    <a href="javascript:viewImage('photos/image1.jpg');"><img src="photos/image1.jpg"></a>
    The image is shown here after the call:
    Code:
    <img src="photos/image1.jpg" id="largesize">

  2. #2
    Join Date
    Aug 2008
    Location
    Sweden
    Posts
    227
    It's all safe. And I would use the first method, not because it's safer or unsafer, but simply because you don't have to write the image url two times. And also, it's less code.

  3. #3
    Join Date
    Jul 2008
    Location
    urbana, il
    Posts
    2,787
    javascript doesn't have any XSS vulnerabilities, CMSs and comment systems do...
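
An added example, not part of the thread: a version of `viewImage` that validates the value before assigning it, for the case where the path could come from outside the page's own markup. It assumes images are served from `/photos/` on the page's own origin; `safeImageSrc` and the `target` and `pageUrl` parameters are hypothetical names.

```javascript
// Added example, not from the thread. Assumption: gallery images live
// under /photos/ on the page's own origin. All names are hypothetical.
const ALLOWED_PREFIX = "/photos/";
const ALLOWED_EXT = /\.(?:jpe?g|png|gif|webp)$/i;

// Return a normalized same-origin image URL, or null if the value is rejected.
function safeImageSrc(candidate, pageUrl) {
  if (typeof candidate !== "string") return null;
  let base, url;
  try {
    base = new URL(pageUrl);
    url = new URL(candidate, base); // resolves relative paths and "../"
  } catch (e) {
    return null; // not parseable as a URL
  }
  // Only http(s): rejects javascript:, data:, file: and similar schemes.
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // Same origin only: rejects "//other.example/..." and absolute foreign URLs.
  if (url.origin !== base.origin) return null;
  // Checked on the normalized path, so "photos/../x" cannot slip through.
  if (!url.pathname.startsWith(ALLOWED_PREFIX)) return null;
  if (!ALLOWED_EXT.test(url.pathname)) return null;
  return url.href;
}

// target is the large <img> element; in a browser this would be
// document.getElementById("largesize") and pageUrl would be location.href.
function viewImage(value, target, pageUrl) {
  const src = safeImageSrc(value, pageUrl);
  if (src === null) return false;
  // Set the property directly; never build markup from the value.
  target.src = src;
  return true;
}
```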
