Prevent Xss In Javascript

  • Deviant Design Merupakan Layanan Jasa Desain dan Social Media Management Yang Mempunyai Pusat Di Jember. Dengan layanan yang murah, cepat dan pastinya dengan kualitas kelas atas. Mampu mengatur segala kebutuhanmu dalam mengelola social media.


XSS enables attackers to inject client-side scripts into web pages viewed by other users may can be lead to cookie stealing. Sometimes we had vulnerabilities in pure javascript which is written in js file or html file. For example we have created an array which we are rendering to give the output in HTML field.


The Code:



Preview:

That's code work properly but have some vulnerability. when the user give payload like this
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
the xss vulnerability will be trigger


How to fix?
1. change the innerHTML To innerText (conditional)


The code:

2. Give Filter input



Make Function

Use Function in array like this


Full Code:

Artikel Terbaru