Using textContent avoids the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text.
This helps make the page safer compared to innerHTML and prevents cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.
Please select:
Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed
Status | New | ⇒ | Pending |
Category | ⇒ | JavaScript Repository NPM Change |
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2024-10-22 14:32:22 |
Closed_By | ⇒ | HLeithner | |
Labels |
Added:
NPM Resource Changed
PR-5.2-dev
|
Hi @HLeithner
Thanks for reviewing 😃
Could we use DOMPurify here to sanitize the HTML, which won't change the innerHTML behaviour and will also make it more secure?
How is it?
Regards
Could we use DOMPurify here to sanitize the HTML
You could use
joomla-cms/build/media_source/system/js/core.es6.js
Lines 739 to 743 in a28c352
Hi @dgrammatiko @HLeithner, thanks for the suggestions.
Accordingly, I have done this in #44342.
Could you please review this PR?
Thanks
This won't work as we inject HTML on purpose here.
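
The trade-off discussed in this thread, as an added example that is not part of the original discussion and is not Joomla code: treating intended markup as text (the effect of `textContent`) shows the tags literally, while escaping only the interpolated data keeps the intended markup and leaves untrusted values inert. The helper names (`escapeHtml`, `html`, `asTextOnly`, `renderNotice`) and the sample strings are assumptions made for illustration.

```javascript
// Added illustration; not Joomla code. All names here are hypothetical.

// Equivalent of serializing a text node: markup characters become entities.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Marker for markup already produced by html`` so it is not escaped twice.
class SafeHtml {
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Tagged template: the literal parts are developer-written markup and pass
// through unchanged; every interpolated value is escaped unless it is SafeHtml.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    const parts = Array.isArray(value) ? value : [value];
    out += parts.map((p) => (p instanceof SafeHtml ? p.markup : escapeHtml(p))).join('');
    out += strings[i + 1];
  });
  return new SafeHtml(out);
}

// Case 1: the whole string is treated as text, so intended markup is lost.
function asTextOnly(markup) {
  return escapeHtml(markup);
}

// Case 2: intended markup is kept, only the data inside it is escaped.
function renderNotice(title) {
  return html`<p class="notice"><strong>${title}</strong> was saved.</p>`.toString();
}

// Constructed sample input: a title containing markup characters.
const untrustedTitle = '<b onmouseover="x()">Article</b> & more';

console.log(asTextOnly('<strong>Saved</strong>'));
console.log(renderNotice(untrustedTitle));
```

The output of `renderNotice` is suitable for an `innerHTML` sink only because every interpolated value went through `escapeHtml`; markup that arrives as a whole from an untrusted source still needs a sanitizer such as the one referenced in the thread.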