How to make jQuery secure from XSS?

389 Views Asked by At

I have a website that uses jquery and bootstrap.

Now when i run it through a scanning application, a bunch of issues show up including the use of append(), html() and write() and pointing to XSS attacks. These issues are found in bootstrap and jquery files (bootstrap.js).

After a search through stackoverflow i found secure alternatives to these jquery functions but unfortunately these alternatives break my application.

Is there any way for me to resolve the security issues without changing the underlying bootstrap code?

or is it somehow safe as there is no external input to the site and all the files come from a trusted source?

2

There are 2 best solutions below

3
On

or is it somehow safe as there is no external input to the site and all the files come from a trusted source?

Yes (assuming your trust in the source is not misplaced).

0
On

Use the .text() function for unsafe inputs:

var input = $("'/><script>alert('I am an attacker!')</script>").text();