DEVHIDE
Login Or Sign up

jquery xss prevention when using html()

1.5k Views Asked by At

I have this line of code with jquery, and I have been told that this line is vulnerable to xss, because I didn't escape the raw data before inject it using html() function.

Please let me know how to escape the data to make it more secure. (I can use javascript instead if that would solve the problem ie. get element by id etc.)

var data= "Some data from user or elsewhere";

$("output_area").html(data);

javascript jquery xss
Original Q&A
1

There are 1 best solutions below

2
On BEST ANSWER

You'd have to use:

$("output_area").text(data)

If you want to inject HTML code, then you'd need to extract from the data and adding them as texts to HTML code that you yourself construct ($('<p/>').text(extractedParagraph), etc).

Related Questions in JAVASCRIPT

Related Questions in JQUERY

Related Questions in XSS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.