Unsanitized user input in dynamic HTML insertion (XSS)
Last updated
Rule ID: javascript_lang_dangerous_insert_html
Applicable Languages: Javascript
Weakness ID: CWE-79
Inserting unsanitized user input into dynamic HTML can lead to Cross-Site Scripting (XSS). The vulnerability arises when user-provided data is written into the DOM as markup (for example via innerHTML, outerHTML or insertAdjacentHTML) without sanitization, so an attacker who controls that data can inject tags and event handlers that execute script in the victim's browser.
Do sanitize user input with an HTML sanitization library (for example DOMPurify) before inserting it as HTML, or, when no markup is needed, insert it as text (textContent) instead. Both approaches keep attacker-supplied tags and event handlers from being parsed as executable content.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our