Usage of vulnerable DOMPurify package
Rule ID: javascript_third_parties_dom_purify
Applicable Languages: JavaScript
Weakness ID: CWE-79
For DOMPurify versions prior to 2.0.17, there are XSS vulnerabilities when using the sanitize function without proper configuration.
Do upgrade DOMPurify to version 2.0.17 or greater, and specify a secure configuration option.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our