Add fetch.response source #293

@TAI-ing

To detect multi-taint flow vulnerabilities, it might be useful to add fetch.response as a source (similar to XMLHttpRequest.response).

Currently Foxhound does not detect the fetch.response => innerHTML data flow on the following page:

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
</head>

<body>
    <h1> XSS via fetch.response</h1>
    <script>
        var payload = decodeURIComponent(location.hash.substring(1))

        // Use fetch to make the request
        fetch(payload)
            .then(response => {
                if (response.ok) {
                    return response.text();
                } else {
                    throw new Error('Request failed with status: ' + response.status);
                }
            })
            .then(data => {
                console.log('Request successful:', data);
                document.body.innerHTML = data;
            })
            .catch(error => {
                console.error(error.message);
            });

    </script>
</body>
</html>
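
A hardened variant of the test page's script, added here as an example (not part of the original issue and not Foxhound code): it cuts both flows, location.hash into the fetch URL and the response body into innerHTML. The names ALLOWED_PREFIX, resolveTrustedUrl, renderAsText and loadFragment, and the /fragments/ path, are assumptions.

```javascript
// Added example: hardened form of the issue's test page (not Foxhound code).
// Hypothetical names: ALLOWED_PREFIX, resolveTrustedUrl, renderAsText, loadFragment.
const ALLOWED_PREFIX = '/fragments/'; // assumed directory of static, trusted snippets

// Cuts the first flow (location.hash -> fetch URL): returns a URL only if it
// stays on the page's own origin and under the allowed path, otherwise null.
function resolveTrustedUrl(rawHash, pageUrl) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawHash.replace(/^#/, ''));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  let url;
  try {
    url = new URL(decoded, pageUrl); // normalises "../" and "//host" forms
  } catch (e) {
    return null;
  }
  const page = new URL(pageUrl);
  // The protocol check also rejects blob: URLs, whose origin is inherited.
  if (url.protocol !== page.protocol || url.origin !== page.origin) return null;
  if (!url.pathname.startsWith(ALLOWED_PREFIX)) return null;
  return url;
}

// Cuts the second flow (fetch response -> innerHTML): the body is inserted
// as text, so markup in the response is never parsed as HTML.
function renderAsText(target, data) {
  target.textContent = data;
}

async function loadFragment(rawHash, pageUrl, target, fetchImpl = fetch) {
  const url = resolveTrustedUrl(rawHash, pageUrl);
  if (url === null) {
    renderAsText(target, 'Blocked: URL is not an allowed same-origin fragment.');
    return false;
  }
  const response = await fetchImpl(url.href);
  if (!response.ok) throw new Error('Request failed with status: ' + response.status);
  renderAsText(target, await response.text());
  return true;
}

// In the browser: loadFragment(location.hash, location.href, document.body);
```

A taint-tracking run of this variant should report neither flow end to end, which makes it a useful negative control beside the page in the issue.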

Labels: enhancement (New feature or request)