chooper/redirect-to-xss.html

## redirect-to-xss.html
<!DOCTYPE html>
<!-- Demonstration of how a JavaScript redirect can be used as an XSS -->
<!-- For more more detail see https://subfn.net -->
<!-- Authored by Charles H ("subfn") <chooper@plumata.com> -->
<html>
  <head>
    <title>Testing JS redirect as XSS vector</title>
    <script>
      function goNext() {
        current_url = new URL(window.location.href);
        next_url = current_url.searchParams.get("next");
        console.log("Redirecting to " + next_url);
        window.location.href = decodeURIComponent(next_url);
      }
    </script>
  </head>
  <body>
    <p>Try <a href="?next=javascript:alert('xss')">redirect-to-xss.html?next=javascript:alert('xss')</a> and click the button</p>
    <button onClick="goNext();">Go</button>
  </body>
</html>
	<!DOCTYPE html>
	<!-- Demonstration of how a JavaScript redirect can be used as an XSS -->
	<!-- For more more detail see https://subfn.net -->
	<!-- Authored by Charles H ("subfn") <chooper@plumata.com> -->
	<html>
	<head>
	<title>Testing JS redirect as XSS vector</title>
	<script>
	function goNext() {
	current_url = new URL(window.location.href);
	next_url = current_url.searchParams.get("next");
	console.log("Redirecting to " + next_url);
	window.location.href = decodeURIComponent(next_url);
	}
	</script>
	</head>
	<body>
	<p>Try <a href="?next=javascript:alert('xss')">redirect-to-xss.html?next=javascript:alert('xss')</a> and click the button</p>
	<button onClick="goNext();">Go</button>
	</body>
	</html>