On a page from a website (one of ours) I can enter the following code in the URL:

javascript:createNewWindow('Something', 100, 100, 'Text')

Is there a way someone can exploit this?

function createNewWindow(url, widthIn, heightIn, title)
{
    var strOptions = 'toolbar=0,location=0,directories=0,status=1,menubar=0,scrollbars=1,resizable=1,width=' + widthIn + ',height=' + heightIn;
    var newWin = open(url, title, strOptions);
    newWin.focus();
}
+1  A: 

Given that code, the createNewWindow() script isn't any more vulnerable than the raw javascript.

Adam N
+1  A: 

The function createNewWindow() has exactly the same vulnerabilities as window.open(). You probably don't need to be concerned about that.

If your comment about adding the code means that you were able to submit

javascript:createNewWindow('Something', 100, 100, 'Text')

in a form input (or as a query string parameter) and have it show up in the rendered HTML, then your application is indeed very vulnerable to several types of attacks, but not due to the createNewWindow() function. In that case, the problem would be rendering unchecked data from the browser.

Joseph Bui
There is no vulnerability in createNewWindow. You have to post some evidence.
Rook
+1  A: 

That will not be unsafe in itself; you need to take care in the other parts of the application to prevent exploits. Be sure to validate all the information that comes from the browser, your database, an external service, and anything else that you do not control.

Learning about Cross-Site-Scripting (aka XSS or CSS) will help you understand the risks of that code.

Diego Jancic
A: 

In general javascript running on your site is not the source of vulnerabilities. You should be worrying about the server side of the application.

However! You can introduce vulnerabilities into your site using javascript. It's called DOM Based XSS. The code you posted isn't vulnerable to DOM Based XSS.

Rook
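
The answers above locate the risk in rendering or acting on unchecked browser data rather than in createNewWindow() itself. As an added example (not code from the thread), here is one way to validate the function's arguments and encode untrusted text before it reaches HTML; escapeHtml, safeWindowUrl, safeDimension, buildWindowArgs, the size bounds and the example.test base URL are all assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not part of the original page.

// HTML-encode untrusted text before it is written into rendered markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only http(s) targets; relative URLs resolve against baseUrl.
// Anything else (javascript:, data:, unparsable input) is rejected with null.
function safeWindowUrl(candidate, baseUrl) {
  let parsed;
  try {
    parsed = new URL(String(candidate), baseUrl);
  } catch (err) {
    return null;
  }
  return parsed.protocol === 'http:' || parsed.protocol === 'https:' ? parsed.href : null;
}

// Coerce a dimension to a bounded integer so the value cannot smuggle
// extra comma-separated features into the window.open() options string.
function safeDimension(value, fallback) {
  const n = Number.parseInt(value, 10);
  return Number.isInteger(n) && n >= 100 && n <= 4000 ? n : fallback;
}

// Build validated arguments for window.open(); returns null if the URL is refused.
function buildWindowArgs(url, widthIn, heightIn, title, baseUrl) {
  const target = safeWindowUrl(url, baseUrl);
  if (target === null) return null;
  const name = String(title).replace(/[^A-Za-z0-9_]/g, '_');
  const options = 'toolbar=0,location=0,directories=0,status=1,menubar=0,scrollbars=1,resizable=1' +
    ',width=' + safeDimension(widthIn, 400) + ',height=' + safeDimension(heightIn, 300);
  return { target, name, options };
}

// Browser-only wrapper with the same signature as the function in the question.
function createNewWindow(url, widthIn, heightIn, title) {
  const args = buildWindowArgs(url, widthIn, heightIn, title, window.location.href);
  if (!args) return null;
  const newWin = window.open(args.target, args.name, args.options);
  if (newWin) newWin.focus(); // open() returns null when the popup is blocked
  return newWin;
}
```

Client-side checks like these do not replace output encoding on the server, which is where a reflected form or query-string value has to be handled.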