简体繁体中英

How do you display user values safely when using Firebase?

原文 2022-03-14 01:01:32 9 1 firebase/ firebase-authentication

I've currently been setting up a website that uses Firebase Auth as its authentication system. When I was reading through the docs about getting information from a user's profile , I came across this text.

Be careful when setting (and later displaying) potentially user-facing UI values like displayName and photoURL. The API does not filter the values to prevent potential XSS-type attacks.

I was curious about how one would go about safely displaying a user's displayName to prevent XSS-type attacks?

1 answers

Since users can insert anything they want in the displayName and photoURL values in their profile, it is important that you always treat those values as potentially dangerous and don't mix them with your code.

If you're directly inserting the values into the DOM/HTML in client-side application code, the best way to do that is through a property like textContent which will automatically encode any non-text values.

Similarly in server-side code, you can use a HTML encoding function of your platform, like this one for .NET .

For more on this, see:

How do you display user info in fragment?

How do i display Firebase formatting errors as an Alert and display it to the user?

How do you host user-uploaded mp3 files on FireBase without quickly running out of bandwith when users access page?

User info display error using Firebase web

How do you add user-defined S3 metadata in when using django-storages

How do you mock Firebase Firestore methods using Jest?

How do you send a Firebase verification email (so that a user can verify their email) to a user in React Native?

How can display Picker item of firebase realtime using xamarain forms and add to firebase when select item

How do you upload a new file with a JSON on Firebase Storage using Firebase Functions?

In Firebase when using push() How do I pull the unique ID

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do you display user info in fragment? How do i display Firebase formatting errors as an Alert and display it to the user? How do you host user-uploaded mp3 files on FireBase without quickly running out of bandwith when users access page? User info display error using Firebase web How do you add user-defined S3 metadata in when using django-storages How do you mock Firebase Firestore methods using Jest? How do you send a Firebase verification email (so that a user can verify their email) to a user in React Native? How can display Picker item of firebase realtime using xamarain forms and add to firebase when select item How do you upload a new file with a JSON on Firebase Storage using Firebase Functions? In Firebase when using push() How do I pull the unique ID

Related Tags

How do you display user values safely when using Firebase?

Question

1 answers

solution1 1 ACCPTED 2022-03-14 03:34:00

solution1
1 ACCPTED 2022-03-14 03:34:00