1. Home
2. Questions
3. AI Assist Labs
4. Tags
6. Challenges
7. Chat
8. Articles
9. Users
11. Jobs
12. Companies
13. Collectives
14. Communities for your favorite technologies. Explore all Collectives
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Stack Internal
Bring the best of human thought and AI automation together at your work. Learn more

<script>document.write('<base href=“' + document.location + '” />');</script>

Ask Question

Asked 4 years, 8 months ago

Modified 4 years, 8 months ago

Viewed 1k times

1

I am getting cross-site Scripting: DOM critical issue. Please can anyone help with the alternateway of using document.write

<script>
document.write('<base href=“' + document.location + '” />');
</script>

asked Mar 1, 2021 at 13:35

cheema genupuri

135 bronze badges

You are using curly quotation marks in your example instead of the straight ASCII ones, "

toastal
– toastal

2021-03-02 05:40:19 +00:00
Commented Mar 2, 2021 at 5:40

Add a comment |

1 Answer 1

Sorted by:

0

You can use following to prevent DOM XSS:

<body>
<script>
document.body.innerHTML='<base href="' + encodeURI(document.location) + '" />';
</script>
</body>

answered Mar 2, 2021 at 5:21

Hacky

343 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Your Answer

Sign up or log in

Post as a guest

Name

Email

Required, but never shown

Post as a guest

Name

Email

Required, but never shown

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.