Prevent XSS In Javascript

XSS enables attackers to inject client-side scripts into web pages viewed by other users may can be lead to cookie stealing. Sometimes we had vulnerabilities in pure javascript which is written in js file or html file. For example we have created an array which we are rendering to give the output in HTML field.

The Code:


That's code work properly but have some vulnerability. when the user give payload like this
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
the xss vulnerability will be trigger

How to fix?
1. change the innerHTML To innerText (conditional)

The code:

2. Give Filter input

Make Function

Use Function in array like this

Full Code:

Catatan: Hanya anggota dari blog ini yang dapat mengirim komentar.