DOM XSS issue with ajax return value in jquery

I am facing a DOM XSS issue with the code below: on AJAX success I get data as a return value, which I pass to one of my divs, and this code is creating DOM XSS.

Can anyone please help me resolve this issue? The return value comes as HTML data, which I need to assign to the div.

$.ajax({
    url: 'API/MyDemoURL',
    type: 'POST',
    data: { id: 1},
    cache: false,
    success: function (data) {
        $("#div1").html(data);
    }
});

I tried escaping or encoding the HTML, but that replaces the tags with codes, and when it is assigned to the div it is printed as a string.

Data coming from the server side:

"<table><tr><td>hello World!!</td></tr></table>"

The HTML is generated by your C# code on the server side. Therefore, in order to fix your XSS vulnerability you must properly encode data in your C# code while generating the HTML. The bug lies within your C# code, not your JS code.
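
One way to apply the answer's advice, as an added example (not code from the original post): the asker's C# is not shown on the page, so the class `TableFragment`, the method `Render` and the sample values are hypothetical. It encodes each value placed inside the markup rather than the finished fragment, which is also why encoding the whole response printed the tags as a string.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

// Hypothetical helper: stands in for whatever server code builds the response.
public static class TableFragment
{
    // Builds the HTML fragment that the AJAX success handler passes to .html().
    // The markup is written by the server; every cell value is treated as
    // untrusted and HTML-encoded, so it can only ever render as text.
    public static string Render(IEnumerable<string> cells)
    {
        var sb = new StringBuilder("<table>");
        foreach (var cell in cells)
        {
            sb.Append("<tr><td>")
              .Append(WebUtility.HtmlEncode(cell))
              .Append("</td></tr>");
        }
        return sb.Append("</table>").ToString();
    }

    public static void Main()
    {
        // Constructed sample input: one benign value, one containing markup.
        var cells = new[] { "hello World!!", "<img src=x onerror=alert(1)>" };

        // Per-value encoding: table structure intact, second value is inert text.
        Console.WriteLine(Render(cells));

        // Encoding the finished fragment also encodes the <table> tags,
        // so the browser shows the whole response as a literal string.
        Console.WriteLine(WebUtility.HtmlEncode(Render(new[] { "hello World!!" })));
    }
}
```

`WebUtility.HtmlEncode` covers values placed in element content or quoted attribute values; values written into script blocks or URLs need encoding specific to that context.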
