DOM XSS and createElement() and getElementsByTagName() methods
-
Hello, I am wondering if following methods in my script are vulnerable for DOM XSS attack? If yes, what is the best practice to write them. Kindly help if you can guide about it. 1. document.createElement() 2. document.getElementsByTagName() (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Thank you for your time. Best Regards, Supriya
-
Hello, I am wondering if following methods in my script are vulnerable for DOM XSS attack? If yes, what is the best practice to write them. Kindly help if you can guide about it. 1. document.createElement() 2. document.getElementsByTagName() (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Thank you for your time. Best Regards, Supriya
-
Wrong forum, that has nothing to do with Java, try http://www.codeproject.com/Forums/1640/Web-Development.aspx[^].
I am really sorry for that. Thank you for the correct group link. Best Regards, Supriya