Potential fix for code scanning alert no. 2: DOM text reinterpreted as HTML
By AmmarBasha2011
Assigned to
Potential fix for [https://github.com/AmmarBasha2011/INEX-SPA/security/code-scanning/2](https://github.com/AmmarBasha2011/INEX-SPA/security/code-scanning/2)

To fix the issue, we need to ensure that any untrusted data interpolated into HTML is properly escaped to prevent XSS. Instead of using `innerHTML` to set the content of the `location` element, we should use `textContent` for the dynamic parts (`error.file` and `error.line`) to ensure they are treated as plain text. For the static HTML structure (`Location:`), we can create and append DOM elements programmatically.

---

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._
Labeled:
May 24, 2025 at 02:41AM
via GitHub https://ift.tt/w9y1kR5
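
The change described in the pull request above, sketched as an added example; it is not code from the INEX-SPA repository or from the Autofix patch. The function names, the `<strong>` label element, the stub document and the sample error object are assumptions; only the `location` element, `error.file`, `error.line` and the `Location:` label come from the description.

```javascript
// Added example: before/after for "DOM text reinterpreted as HTML".
// Names and element structure are assumptions, not the project's code.

// Before: dynamic values are concatenated into markup, then parsed as HTML.
function renderLocationUnsafe(locationEl, error) {
  locationEl.innerHTML =
    '<strong>Location:</strong> ' + error.file + ':' + error.line;
}

// After: static structure is built with DOM calls; dynamic values only ever
// reach the page through textContent / text nodes, which are never parsed.
function renderLocationSafe(doc, locationEl, error) {
  locationEl.replaceChildren();            // drop old content without parsing
  const label = doc.createElement('strong');
  label.textContent = 'Location:';
  const value = doc.createTextNode(` ${error.file}:${error.line}`);
  locationEl.append(label, value);
  return locationEl;
}

// Minimal constructed stand-in for `document`, so the safe path can be
// exercised under Node; in a browser, pass the real `document` instead.
function makeStubDocument() {
  const created = [];
  const node = (type, name) => {
    const n = { type, name, textContent: '', children: [],
      replaceChildren() { n.children = []; },
      append(...kids) { n.children.push(...kids); } };
    created.push(n);
    return n;
  };
  return {
    created,
    createElement: (tag) => node('element', tag),
    createTextNode: (data) =>
      Object.assign(node('text', '#text'), { textContent: data }),
  };
}

// Constructed sample: a file name that carries markup.
const sampleError = { file: 'app.js<img src=x onerror=alert(1)>', line: 12 };
```

With the safe version the markup in `error.file` ends up as the data of a single text node, and the only element created for the message is the static `<strong>` label.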