IVYPORTAL-18029 High - Client-side cross-site scripting
- Try to fix Client-side cross-site scripting
mnhnam-axonivy committed Dec 16, 2024
1 parent 6b4aa0a commit c8474f3
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -6,7 +6,7 @@ if (taskUrl){
if(taskUrl.endsWith('blank')){
window.history.back(document.referrer);
}
getPortalIframe().src = taskUrl;
getPortalIframe().src = new URLSearchParams(window.location.search).get("taskUrl");

Check warning

Code scanning / CodeQL

Client-side URL redirect Medium

Untrusted URL redirection depends on a user-provided value.

Check failure

Code scanning / CodeQL

Client-side cross-site scripting High

Cross-site scripting vulnerability due to user-provided value.
}

loadIframe(false);
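
Review bot: The new assignment `getPortalIframe().src = new URLSearchParams(window.location.search).get("taskUrl");` still passes a user-controlled query parameter straight to the iframe `src` with no validation, so the data flow CodeQL flags is unchanged, and both alerts (client-side URL redirect and client-side cross-site scripting) are still attached to this line. Re-reading the parameter does not sanitize it: a value with a `javascript:` scheme or an off-origin URL reaches the sink exactly as before. Suggest parsing the value once with `new URL(value, window.location.origin)`, accepting it only if the protocol is `http:` or `https:` and the origin matches the portal's own origin (or an explicit allowlist), and assigning the parsed, validated URL to `src`. The surrounding `if (taskUrl)` guard and the `taskUrl.endsWith('blank')` check also still operate on the `taskUrl` variable, while the assignment now uses a separately read value; where `taskUrl` comes from is not visible in this hunk, so if it is derived any other way the checked value and the assigned value can diverge, and `get("taskUrl")` can return `null`. Using one validated variable for both the checks and the assignment would avoid that.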