jQuery安全问题-链接操作(基于DOM) [英] JQuery Security Issue - Link manipulation (DOM-based)
问题描述
BURP套件针对以下情况存在链接操纵(基于DOM)问题: /jquery-3.3.1.js
There is Link manipulation (DOM-based) issue identified by BURP suite against /jquery-3.3.1.js
问题出在代码中:
//用于分析文档原点的锚标记
// Anchor tag for parsing the document origin
originAnchor = document.createElement("a");
originAnchor = document.createElement( "a" );
originAnchor.href = location.href;
任何人都可以评论该问题是否为假阳性. 该问题仍然存在于该库的最新版本中.
Could anyone comment if the issue is false positive or not. The issue remains in the newest version of the library too.
谢谢
推荐答案
以下是Burp支持人员的答案:
Here is an answer from Burp support:
我认为这两个都不会对安全产生重大影响,所以是的,它们都是误报.
'I don’t see any significant security impact from either of those, so yes, they are false positives.
Burp中的JavaScript分析非常详尽,但不幸的是确实会产生一些误报.'
The JavaScript analysis within Burp is very thorough, but unfortunately does produce some false positives.'
发现是假阳性.
这篇关于jQuery安全问题-链接操作(基于DOM)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
