I don't think most browsers support redirect to javascript anymore. Maybe IE? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ggggtez on Jan 4, 2019 \| parent \| context \| favorite \| on: Open redirects – a vulnerability class no one but ... I don't think most browsers support redirect to javascript anymore. Maybe IE?

dbielik on Jan 4, 2019 [–]

Yes, they still do depending on how you redirect (i.e. unsanitized: location.href = url).

A nice benefit of using a framework like angular, Vue, react, etc, is that they prevent attacks like this unless you explicitly disable those features.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact