Joomla! Issue Tracker | Joomla! CMS #44339 - Update template.js DOM Text Interpretd as html

PR-5.2-dev

Closed
8 Nov 2024
Medium
Build: 5.2-dev
# 44339
Diff
Shivam7-1:patch-2

Pending

User tests: Successful: Unsuccessful:

Shivam7-1
22 Oct 2024

Summary of Changes

By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text.
This helps make page more safer as compare to innerHTML and prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.

Link to documentations

Please select:

Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed

6db8493 22 Oct 2024

Update template.js

Shivam7-1 - open - 22 Oct 2024

Shivam7-1 - change - 22 Oct 2024

Status

New

⇒

Pending

Shivam7-1 - change - 22 Oct 2024

The description was changed

Shivam7-1 - edited - 22 Oct 2024

joomla-cms-bot - change - 22 Oct 2024

Category

⇒

JavaScript Repository

SniperSister - comment - 8 Nov 2024

The relevant strings are no user provided content, they are hardcoded - there is no vector.

If someone wants to test and fix this then please be aware that it's just a change for the sake of changing.

SniperSister - change - 8 Nov 2024

Status	Pending	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2024-11-08 08:25:06
Closed_By		⇒	SniperSister
Labels	Added: PR-5.2-dev

SniperSister - close - 8 Nov 2024

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#44339] - Update template.js DOM Text Interpretd as html

Summary of Changes

Link to documentations

Add a Comment