Dangerous dynamic HTML insert detected.

Description

Dynamically inserting HTML that contains unsanitized data (for example, by assigning user-controlled markup to innerHTML) exposes the application to cross-site scripting (XSS).

Remediations

Make sure you run the markup through an HTML sanitization library before inserting it into the document:

import sanitizeHtml from 'sanitize-html';

// user.Input is untrusted data; sanitize the assembled markup before it reaches the DOM
const html = `<strong>${user.Input}</strong>`;
document.body.innerHTML = sanitizeHtml(html);

Resources

Associated CWE

OWASP Top 10
