0

From the standpoint of Security vulnerability, is there any solution for replacing innerHTML

example

 td.innerHTML = "<b>"+change_obj["old_end_cust_id"]+"</b>," + "<br>" + change_obj["old_address"].join(",<br>")

We tried directly creation javascript elements as shown below, it works but a lengthy process

        var parentDivTag11 =  document.createElement("div");
        var parentBoldTag11 = document.createElement("b");
        parentBoldTag11.textContent = change_obj["old_end_cust_id"]+",";
        parentDivTag11.appendChild(parentBoldTag11);

        for (let i = 0; i < change_obj["old_address"]?.length; i++) {
            var divTag11 = document.createElement("div");
            divTag11.textContent=change_obj["old_address"][i]+",";;
            parentDivTag11.append(divTag11);
        }
       
        td.appendChild(parentDivTag11);
Improve this question
9
  • 3
    I think textContent is the best way to do it. Commented Mar 29, 2023 at 7:28
  • 1
    I think textContent is the safest but you can try escaping the input. Commented Mar 29, 2023 at 7:37
  • A safe way is to use DOMParser and then attach the returned elements. The DOMParser does not parse scripts. Commented Mar 29, 2023 at 7:49
  • 1
    This topic is well covered by previous questions and their answers. Commented Mar 29, 2023 at 8:03
  • 2
    @somethinghere - They didn't. It's for parsing, not sanitization. (Parsing enables sanitization, but it's just the first step.) Sanitization is a separate effort. Commented Mar 29, 2023 at 8:35
Related questions
12224
How can I remove a specific item from an array in JavaScript?
7610
How do JavaScript closures work?
8540
What does "use strict" do in JavaScript, and what is the reasoning behind it?
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.