XSS enables attackers to inject client-side scripts into web pages viewed by other users may can be lead to cookie stealing. Sometimes we had vulnerabilities in pure javascript which is written in js file or html file. For example we have created an array which we are rendering to give the output in HTML field.
The Code:
Preview:
That's code work properly but have some vulnerability. when the user give payload like this
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
the xss vulnerability will be trigger
How to fix?
1. change the innerHTML To innerText (conditional)
The code:
2. Give Filter input
Make Function
Use Function in array like this
Full Code: