stackoom
  简体   繁体   中英

i am getting warning Cross-site Scripting (XSS) with innerHTML

 原文  2021-10-29 16:47:50       javascript/ jquery/ node.js/ xss/ angular-dom-sanitizer

Question

I have a code where I need to send HTML with inner Html but my code is not passing the security testing it showing Cross-site Scripting (XSS) warning.

how to use innerHtml with out Cross-site Scripting (XSS) issue.

 if (e.currentTarget) {
            const { reamoreid } = e.target.dataset;
            axios.get(`/single-readmore/${reamoreid}`).then((response) => {
                readMoreContent.innerHTML = DOMPurify.sanitize(readmoreInfo(response.data));
            });

I need some information about how to fix the issue.

1 answers

solution1
 0  2021-10-29 17:26:22

Due to CORS policy, you cannot view the response of a packet if it does not contain "Access-Control-Allow-Origin: *" header. If you don't own the server, use a CORS proxy. Example: https://cors-anywhere.herokuapp.com/https://google.com
(link will not work if sent through the address line)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question call to innerHTML contains a cross-site scripting (XSS) Getting reflected Cross-Site Scripting (XSS) attack in node js Cross-site Scripting (XSS) using a hyphen Do we need Html Encoding if I am using ValidationRequest=True to prevent from XSS(Cross-site scripting) in asp.net? Fortify scan issue for (XSS) Cross-Site Scripting: DOM C# MVC Cross-Site Scripting (XSS) Prevention How to prevent our URL from Cross-site scripting (XSS)? Avoid cross-site scripting (XSS) in vue toasted notification title JavaScript, This can enable a Reflected Cross-Site Scripting (XSS) attack cross-site scripting
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM