Thomas,
This piece of code is in nocache.js
*function getDirectoryOfFile(path){*
* var hashIndex = path.lastIndexOf('#');*
* if (hashIndex == -1) {*
*hashIndex = path.length;*
* }*
* var queryIndex = path.indexOf('?');*
* if (queryIndex == -1) {*
*q
:
>
> The question is: have you found where this script is coming from? 'cause I
> can't.
>
> On Tuesday, April 16, 2013 5:46:34 PM UTC+2, Shashank Raj Holavanalli
> wrote:
>>
>> I know exactly what is happening here. The variable "r" has everyth
I know exactly what is happening here. The variable "r" has everything
that is present in the browser address bar. So a hacker can inject some
html in the URL like this http://domain.com/. When
variable "r" is written to document using document.write(lc + r + uc) the
script injected gets writt
I am facing the same issue as well. So are you telling us this is a false
XSS vulnerability detection ?
On Friday, November 9, 2012 2:31:34 PM UTC-5, Joseph Lust wrote:
>
> But the only doc.write in either version of computeScriptBase is clearly
> a string literal, not an injection worry. Perhap