I'm not the strongest JS user, but I need it and wrote some code for my web page that works on Apache and PHP. In my ajax request I have the following code:

if (dataX['var1'] == '1.1' || dataX['var1'] == '2.1') { window.location.href = '' }

If I use XSStrike to check for potential vulnerabilities on my system, I get messages that may be injectable.

Can someone help me fix it? Do I need like a freeze or something to fix it? Sorry, I don't know how an attacker can use this. Thanks for any helpful help. good luck.

What have I tried? I tried asking on that channel? !