当选择policy scan type 去做verascan时,针对 window.location.href我们得到了 cross-Site-Script 和 Insufficient Input Validation 的错误。具体代码如下:
window.location.href = this.impactservice.getDownloadDataUrl(this.projectId);
解决方法:
1.
window.location.assign(this.impactservice.getDownloadDataUrl(this.projectId));
2.
window.location.href = decodeURIComponent(res.body.url);