Question

A social media platform has a feature that allows users to customize their profile pages with different themes. After selecting a theme, users are redirected to their profile page. The redirection uses a URL parameter redirect to specify the destination page, which is handled by client-side JavaScript that reads the parameter and sets window.location to its value without any validation. An attacker notices this behavior and crafts a link that, when clicked, redirects users to a malicious website.

Which of the following would be the BEST way to mitigate DOM for Open Redirect vulnerability while maintaining the redirection functionality?

quizzes.technology · Accepted Answer

Implement server-side redirection after verifying that the redirect parameter points to a trusted domain

quizzes.technology · Answer

Modify the JavaScript code to validate the redirect parameter against a list of allowed URLs before redirecting

quizzes.technology · Answer

Encrypt the redirect parameter so that it cannot be tampered with by unauthorized users

quizzes.technology · Answer

Change the redirect parameter to use the HTTP Referer header for determining the redirection URL

🛡️ Free practice test question from: DOM for Open Redirect Attack (Security+)

Question: 132

Question: 46

Question: 108

💬 Discussion and Feedback

Comments