Is window.history.back() safe to use?

I am doing a penetration test on a web application and it is using window.history.back() to go back to the previous page. Is this safe to use?

For example, if I visit google.com and then go to the web application and then press back, it would present me with google.com again. Similarly, if an attacker could somehow simulate this in an iframe (if that gets stored in the window’s history) or if the user visits the URL (but that would be pointless) or possibly alter some sort of caching mechanism. What real ways are there to exploit this?

Is this an actual issue or am I overthinking?

Answer

You can read about window.history on the Mozilla website. Briefly, it explains that history.back() is no different from clicking the back button in your browser. I think that you are overthinking window.history.back(), but not the window.history object itself!

Explaining it in detail would be off topic; however, I can briefly say that the window.history.pushState() and window.history.replaceState() methods are more worth worrying about. Browser history manipulation is possible. You can also read about it here: Manipulating the browser history
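For the scenario in the question (arriving from google.com and then using the application's own back control), an application that wants that control to stay inside the site can check where the visitor came from before calling history.back(). This is an added example, not part of the original question or answer; the function names and the `/dashboard` fallback path are hypothetical, and it assumes `document.referrer` is available, which a Referrer-Policy or a direct visit can leave empty.

```javascript
// Added example: an in-app "Back" control that only calls history.back()
// when the visitor arrived from the same origin. All names are hypothetical.
const FALLBACK_PATH = "/dashboard"; // assumed fixed in-app landing page

// True only when `candidate` is an absolute URL on exactly `appOrigin`
// (scheme, host and port must all match).
function isSameOrigin(candidate, appOrigin) {
  if (!candidate) return false; // empty referrer: direct visit or stripped by policy
  try {
    return new URL(candidate).origin === new URL(appOrigin).origin;
  } catch (_) {
    return false; // unparsable or relative value: treat as foreign
  }
}

// Pure decision function, kept separate from the browser so it can be tested.
// Note: document.referrer describes how the current document was reached; it
// is a heuristic for the previous history entry, not a guarantee.
function decideBack(referrer, appOrigin, historyLength) {
  // history.length === 1 means this tab has no earlier entry to return to.
  if (historyLength > 1 && isSameOrigin(referrer, appOrigin)) {
    return { action: "history-back" };
  }
  return { action: "navigate", url: FALLBACK_PATH };
}

// Browser wiring: pass the real `window`, e.g. from a click handler.
function safeBack(win) {
  const decision = decideBack(
    win.document.referrer,
    win.location.origin,
    win.history.length
  );
  if (decision.action === "history-back") {
    win.history.back();
  } else {
    win.location.assign(decision.url); // constant path, never user input
  }
  return decision;
}
```

In a page this would be wired as `button.addEventListener("click", () => safeBack(window))`.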
