DOM XSS in functions.js

[Jackcoldrick]

Hi Guys,

I’ve noticed within your ‘functions.js’ file which resides in /themes/dante/js/ that there is a block of code that is vulnerable to DOM XSS. I’m wondering If I remove this code from functions.js will it cause other components within the theme to break ? Is this code really needed?

// SET DESIRED TAB ON LOAD
   setTimeout(function() {
      if (jQuery('.spb_tabs').length > 0) {                                     
           // Show correct tab on page load
           var url = document.location.toString();
           if (url.match('#') && jQuery('.nav-tabs a[href=#'+url.split('#')[1]+']').length > 0) {
                              var thisTab = jQuery('.nav-tabs a[href=#'+url.split('#')[1]+']'),
                              parentTabs = thisTab.parents('.spb_tabs'),
                               tabHash = url.split('#')[1];
                                                                                    
           jQuery('.nav-tabs a[href=#'+tabHash+']').tab('show');
}

Thanks

[Mohammad – SUPPORT]

Hi,
This code used for Tab functionality. You can remove it if you dont use tab anywhere.
Thanks
Mohammad

[Jackcoldrick]

thanks

[Mohammad – SUPPORT]

Hi,
You most welcome.
Thanks
Mohammad

[Jackcoldrick]

This issue is resolved guys could you please update. many thanks

[David Martin – Support]

Sure, marking as resolved.
-David.