📊 User Dashboard

Your personalized command center

Welcome, Guest!

Quick Access

Select an option from the menu below.

Available Sections

🔗 URL Parameter Features

You can customize your dashboard experience using URL parameters:

  • ?user=YourName - Set your display name
  • #section - Jump to a specific section
  • ?theme=dark - Switch theme (coming soon)

Example: dashboard.html?user=Admin#profile

🔧 Developer Options

For testing and development, you can:

  • Modify URL parameters directly in the address bar
  • Use browser DevTools to inspect JavaScript behavior
  • Check the Console for debugging output

⚠️ These features are for authorized testing only!

', 'javascript:', 'onerror=', 'onload=' ]; let sanitized = input; for (let pattern of blockedPatterns) { // Case-sensitive replacement only sanitized = sanitized.split(pattern).join(''); } return sanitized; } /* processUserParam: reads the ?user= query value via getUrlParameter (defined elsewhere in this file), passes it through validateInput and assigns the result to #user-display with innerHTML. validateInput (above) is a single-pass, case-sensitive substring blocklist, not an HTML sanitizer, so the innerHTML assignment is a DOM-based XSS sink fed by attacker-controllable URL input. Mitigation: write the value to a text sink, `userDisplay.textContent = userParam;`, which needs no blocklist at all; the console.log of the value is harmless but leaks nothing useful either way. */ // Process user parameter from URL query string function processUserParam() { const userParam = getUrlParameter('user'); const userDisplay = document.getElementById('user-display'); if (userParam) { // Apply basic validation const safeUser = validateInput(userParam); // VULNERABLE: Using innerHTML with user input userDisplay.innerHTML = safeUser; console.log('User parameter processed:', safeUser); } } /* processHashParam: takes the URL fragment (leading '#' removed), truncates it to 100 characters as displayHash and renders a section into #content-area. The fragment never reaches the server, so server-side filtering cannot help here, and truncation is a length limit, not validation. */ // Process hash fragment for section navigation function processHashParam() { const hash = window.location.hash.substring(1); // Remove the # const contentArea = document.getElementById('content-area'); if (hash) { // VULNERABLE: Using innerHTML with hash content // Minimal validation on hash - just basic length check const displayHash = hash.length > 100 ? hash.substring(0, 100) : hash; // Different sections show different content const sections = { 'profile': '

👤 User Profile

Welcome to your profile section, ' + displayHash + '!

', 'settings': '

⚙️ Settings

Configure your preferences for ' + displayHash + '

', 'analytics': '

📈 Analytics

Viewing analytics for: ' + displayHash + '

', 'messages': '

✉️ Messages

You have messages from: ' + displayHash + '

/* sections[hash] is a plain-object lookup keyed by untrusted input: properties inherited from Object.prototype are truthy as well, so the allowlist check should be `if (Object.hasOwn(sections, hash))` (or a Map). In the allowlisted branch displayHash equals one of the four fixed keys, so the interpolation there is bounded; the else branch interpolates the raw (truncated) fragment into innerHTML, which is a DOM-XSS sink — render the section name with textContent, or build the markup with createElement and set only the text node from displayHash. */ ' }; if (sections[hash]) { contentArea.innerHTML = sections[hash]; } else { // Custom hash content - more permissive here contentArea.innerHTML = '

📌 Section: ' + displayHash + '

Navigating to custom section...

'; } console.log('Hash parameter processed:', displayHash); } } // Alternative vulnerable function - for direct hash content injection function processDirectHash() { const hash = window.location.hash; // Check if hash contains custom content marker if (hash.includes('content=')) { const content = hash.split('content=')[1]; const contentArea = document.getElementById('content-area'); if (content) { // VULNERABLE: Direct innerHTML with minimal filtering // Only filters exact