Skip to content

Commit

Permalink
IVYPORTAL-18029 High - Client-side cross-site scripting
Browse files Browse the repository at this point in the history 
- Fixed security check
  • Loading branch information
@mnhnam-axonivy
mnhnam-axonivy committed Dec 16, 2024
1 parent 622cb7a commit 6b4aa0a
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions AxonIvyPortal/portal/webContent/resources/js/iframe-task-template.js
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,14 @@
var invalidIFrameSrcPath = false;

let taskUrl = new URLSearchParams(window.location.search).get("taskUrl");
let updateIframeSrc = (newSrc) => {
getPortalIframe().src = newSrc;
}

if (taskUrl){
if(taskUrl.endsWith('blank')){
window.history.back(document.referrer);
}
updateIframeSrc(taskUrl)
getPortalIframe().src = taskUrl;

Check warning

Code scanning / CodeQL

Client-side URL redirect Medium

Untrusted URL redirection depends on a
user-provided value
Loading
.

Check failure

Code scanning / CodeQL

Client-side cross-site scripting High

Cross-site scripting vulnerability due to
user-provided value
Loading
.
}

loadIframe(false);
var recheckFrameTimer;
function loadIframe(recheckIndicator) {
Expand Down

0 comments on commit 6b4aa0a

Please sign in to comment.