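I have the below JS code:

    // Build the logout URL from the current page's directory.
    var a = window.location.href.substring(0, window.location.href.lastIndexOf('/') + 1) + "logout.jsp";
    // Redirect to it after one second.
    setTimeout(function () {
        window.location.href = a;
    }, 1000);
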
When I run a Fortify scan on the above file, it shows a security risk on the above line: Dynamic Code Evaluation: Code Injection. I am not able to understand how to fix it. Do I need to add an encoder for window.href, or how do I resolve this? Also, if we have to encode, what do I need to do?

I've found the following link... maybe it could help you:
https://security.stackexchange.com/questions/151806/jquery-js-dynamic-code-evaluation-code-injection-on-settimeout-line
Answered by Arminius.
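
As an added example (not part of the original question or the linked answer), one way to write the redirect so that the value reaching the timer callback and the navigation is a fixed file name resolved against an http(s) page URL. The names `LOGOUT_PAGE`, `buildLogoutUrl`, `scheduleLogout` and `demo`, and the `example.test` URL, are assumptions made for illustration.

```javascript
// Added example: all names here are illustrative, not from the original post.
const LOGOUT_PAGE = "logout.jsp";                 // fixed file name, never user input
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Resolve LOGOUT_PAGE against the directory of the current page.
// new URL(relative, base) ignores the base's query string and fragment, so a
// "/" inside "?next=/foo/" or "#/tab/" cannot shift the computed path the way
// href.lastIndexOf('/') can.
function buildLogoutUrl(currentHref) {
  const base = new URL(currentHref);              // throws TypeError on malformed input
  if (!ALLOWED_SCHEMES.has(base.protocol)) {
    throw new Error("unexpected scheme: " + base.protocol);
  }
  return new URL(LOGOUT_PAGE, base).href;
}

// win is a window-like object, passed in so the logic can be exercised
// outside a browser. The timer receives a function, never a string of code.
function scheduleLogout(win, delayMs) {
  const target = buildLogoutUrl(win.location.href);
  return win.setTimeout(function () {
    win.location.assign(target);
  }, delayMs);
}

// Constructed sample URL: compares the substring approach with URL resolution.
function demo() {
  const tricky = "https://example.test/app/page.jsp?next=/foo/#/tab/";
  const naive = tricky.substring(0, tricky.lastIndexOf("/") + 1) + LOGOUT_PAGE;
  return { naive: naive, resolved: buildLogoutUrl(tricky) };
}

// In a browser, schedule the redirect as the original snippet does.
if (typeof window !== "undefined") {
  scheduleLogout(window, 1000);
}
```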