Prevent Xss In Javascript

   



XSS enables attackers to inject client-side scripts into web pages viewed by other users may can be lead to cookie stealing. Sometimes we had vulnerabilities in pure javascript which is written in js file or html file. For example we have created an array which we are rendering to give the output in HTML field.


The Code:



Preview:

That's code work properly but have some vulnerability. when the user give payload like this
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
the xss vulnerability will be trigger


How to fix?
1. change the innerHTML To innerText (conditional)


The code:

2. Give Filter input



Make Function

Use Function in array like this


Full Code:

« Terbaru
Postingan Lebih Baru
Terlama »
Postingan Lama
Catatan: Hanya anggota dari blog ini yang dapat mengirim komentar.