Reputation: 25
How to make jQuery secure from XSS?
I have a website that uses jquery and bootstrap.
Now when i run it through a scanning application, a bunch of issues show up including the use of append(), html() and write() and pointing to XSS attacks. These issues are found in bootstrap and jquery files (bootstrap.js).
After a search through stackoverflow i found secure alternatives to these jquery functions but unfortunately these alternatives break my application.
Is there any way for me to resolve the security issues without changing the underlying bootstrap code?
or is it somehow safe as there is no external input to the site and all the files come from a trusted source?
Upvotes: -4
Views: 540
Answers (2)
Reputation: 925
Use the .text() function for unsafe inputs:
var input = $("'/><script>alert('I am an attacker!')</script>").text();
Upvotes: 0
Reputation: 944454
or is it somehow safe as there is no external input to the site and all the files come from a trusted source?
Yes (assuming your trust in the source is not misplaced).
Upvotes: 0
Related Questions
- How to prevent Client DOM XSS vulnerability in javascript?
- How prevent DOM XSS
- Prevent XSS in jQuery html()
- How to prevent cross-site scripting using javascript
- jQuery safe injection of html
- XSS attack prevention
- xss javascript protection
- How to fix XSS vulnerabilities on javascript?
- Protect JQuery code against XSS
- Prevent XSS attack