While reviewing the code, I noticed a potential DOM-Based Cross-Site Scripting (DOM-XSS) vulnerability related to how redirection is handled via jumpPath in the client-side JavaScript.
This issue could allow an attacker to execute malicious JavaScript in a user's browser, leading to session hijacking, phishing attacks, or unauthorized actions.
## Steps to Reproduce (Proof of Concept)
If an attacker can control the server response and set: `jumpPath: javascript:alert('Hacked');`
The following vulnerable code will execute: `window.location.href = getBasePath() + xmlhttp.getResponseHeader("jumpPath");`
This results in:
`window.location.href = "javascript:alert('Hacked');";`
The browser executes the JavaScript, leading to arbitrary code execution.
## Impact
High Severity: Allows attackers to execute malicious JavaScript in users’ browsers.
Potential Risks: Account compromise, phishing, session hijacking.
Fix Priority: High 🚀
I truly appreciate the hard work of the maintainers and wanted to bring this to your attention for the security of the project and its users.
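
One defensive way to handle the `jumpPath` header described in this report, as an added example that is not code from the project or the reporter: resolve the value against the page's own origin and redirect only when the result is an http(s) URL on that origin. The function names, the `win` parameter and the sample origin are assumptions; the `basePath` argument stands in for the return value of `getBasePath()`.

```javascript
// Added example (not the project's code): validate a server-supplied
// redirect path before it reaches window.location.href.

// Returns an absolute same-origin URL string, or null if the value is unsafe.
function resolveJumpPath(basePath, jumpPath, origin) {
  if (typeof jumpPath !== 'string' || jumpPath.length === 0) return null;
  // Reject control characters and backslashes up front; URL parsers strip
  // or normalise them, which can hide the real scheme or host.
  if (/[\u0000-\u001f\u007f\\]/.test(jumpPath)) return null;
  try {
    // Same concatenation as the reported code, but parsed instead of trusted.
    const target = new URL(basePath + jumpPath, origin);
    const allowed = new URL(origin).origin;
    // Only web schemes: blocks javascript:, data:, vbscript:, ...
    if (target.protocol !== 'https:' && target.protocol !== 'http:') return null;
    // Same origin only: blocks //host, absolute URLs and host-suffix tricks.
    if (target.origin !== allowed) return null;
    return target.href;
  } catch {
    return null; // not parseable as a URL
  }
}

// Performs the redirect on a window-like object; returns false when refused.
function followJumpPath(win, basePath, jumpPath) {
  const href = resolveJumpPath(basePath, jumpPath, win.location.origin);
  if (href === null) return false;
  win.location.href = href;
  return true;
}

// Constructed sample values, resolved against a constructed origin.
for (const [base, jump] of [
  ['/app', '/login.html'],
  ['', "javascript:alert('Hacked');"],
  ['', '//other.example/x'],
  ['https://app.example.test', '.other.example/'],
]) {
  console.log(JSON.stringify(jump), '->',
    resolveJumpPath(base, jump, 'https://app.example.test'));
}
```

In the browser the call site would be `followJumpPath(window, getBasePath(), xmlhttp.getResponseHeader("jumpPath"))`, with a fixed fallback page when it returns `false`.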