I came across these codes and I think a XSS exploit can be squeeze out of here but I don’t understand what this code does exactly. So I couldn’t write any successful XSS payload.
var hashvalue = window.location.hash.substring(1);
var i = $("[id *= ‘" + hashvalue + "’]");
Can you explain (specifically the role of * , $ and [ ] signs) the code a bit more?
I am not that good at JS so don’t judge me too much
var hashvalue = window.location.hash.substring(1);
extracts hash value from the URL, without actually # sign (substring() call starts from first sign, but chars in strings are indexed started from 0, so what you get is a part of url hash starting from first char after #).
So let’s say you’ve got an url:
http://server.com/somepage#test
When first line of your code runs, variable hashvalue equals ‘test’
Second line of code actually assigns to variable named i an element (I assume $ is global reference to jQuery, which is typical)
So:
var i = $("[id *= '" + hashvalue + "']");
means: "find in DOM tree an element, which id attribute equals ‘test’
id *= “some values”
is equal to: id = id * "some values"
It is equal to a += b that is a = a + b and so.
I guess the $ is part of the syntax of JQuery regarding to asing values to variables.
And the brackets [ ] are part of some of the generated value. If you see they are part of concatenation.
I’m not master of JS, I just have some knowledge about programming and I don’t remember where I read about JQuery and it looks like that.