To start, let’s define what the internals of a URL looks like:
For our purposes, we care about the scheme, authority, path, query, and fragment. You can think of the scheme as the protocol, i.e., HTTP or HTTPS. The authority is the root or domain, for example, mycompany.com. The path, query, and fragment make up the rest of the URL. The URL spec defines each segment in this specific order. For example, the scheme always comes before the authority. The path comes after the scheme and authority. The query and fragment come after the path if there is one in the URL.
Read this, if thinking about using fragment in URL.
Alice runs a web site, Bob visits it, authenticates and receives a session cookie. (Some time might pass here, Bob might even close his browser.) Charlie sends Bob a mail saying “check out this cool link!”. Bob opens the link, which leads to a site controlled by Charlie. The page redirects Bob’s browser to a page on Alice’s site with an attack payload in the hash. The payload is executed, and since the browser still remembers the cookies, it can just send them to Charlie
https://stackoverflow.com/questions/1822598/getting-url-hash-location-and-using-it-in-jquery
Read more here
Add to favorites