Dangerous dynamic HTML insert detected.
- Rule ID: javascript_lang_dangerous_insert_html
- Languages: javascript
- Source: dangerous_insert_html.yml
Description
Dynamically inserting HTML (for example by assigning to innerHTML) that contains unsanitized, user-controlled data allows cross-site scripting (XSS): any markup or script in that data is parsed and executed by the browser.
Remediations
Make sure you use an HTML sanitization library before inserting HTML:
import sanitizeHtml from 'sanitize-html';
// user.Input is untrusted; the assembled markup is sanitized before it reaches the DOM
const html = `<strong>${user.Input}</strong>`;
document.body.innerHTML = sanitizeHtml(html);
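The snippet above sanitizes the assembled markup with sanitize-html. The following added example (not part of the Bearer rule or its documentation) shows the flagged pattern next to two alternatives that need no third-party package and no browser: escaping the untrusted interpolation, and a tagged template that escapes every interpolation automatically. The functions `buildDangerous`, `buildSafe`, `escapeHtml`, `html` and `renderAsText`, the `user` object and the fake element are all constructed for this example. Escaping is the right choice when the untrusted value is meant to be displayed as text; a sanitizer is what you want when the value is legitimately allowed to contain some HTML.

```javascript
// Added example (not from the Bearer rule page): the flagged pattern beside
// two escaping-based alternatives. All names and inputs here are constructed.

// Characters that change meaning inside an HTML text or quoted-attribute context.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape untrusted text so the browser renders it literally instead of parsing it.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// The pattern the rule flags: untrusted data interpolated straight into markup.
// Kept deliberately unsafe so the contrast with the safe variants is visible.
function buildDangerous(userInput) {
  return `<strong>${userInput}</strong>`;
}

// Safe variant 1: escape each untrusted interpolation before building the string.
function buildSafe(userInput) {
  return `<strong>${escapeHtml(userInput)}</strong>`;
}

// Safe variant 2: a tagged template literal that escapes every interpolated
// value, so a developer cannot forget to call escapeHtml on one of them.
function html(strings, ...values) {
  return strings.reduce(
    (out, literal, i) => out + literal + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Constructed stand-in for a DOM element so the example runs outside a browser.
function makeFakeElement() {
  return { innerHTML: '', textContent: '' };
}

// When the untrusted value is plain text, assigning textContent never parses markup,
// so no escaping or sanitizing step is needed at all.
function renderAsText(el, untrusted) {
  el.textContent = String(untrusted);
  return el;
}

// Runs all variants against one constructed, attacker-style input.
function demo() {
  const user = { Input: '<script>alert(1)</script>' }; // constructed untrusted input
  const el = makeFakeElement();
  return {
    dangerous: buildDangerous(user.Input),
    safe: buildSafe(user.Input),
    tagged: html`<strong>${user.Input}</strong>`,
    asText: renderAsText(el, user.Input).textContent,
  };
}

console.log(demo());
```

The `dangerous` result still contains a live `<script>` element; `safe` and `tagged` carry only `&lt;` and `&gt;` entities, and `asText` bypasses HTML parsing entirely. In a real page, prefer `textContent` for text, a tagged template or escaping helper when you must build markup, and a sanitizer such as sanitize-html only when user-supplied HTML is an actual requirement.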
Resources
Associated CWE
OWASP Top 10