-
-
Notifications
You must be signed in to change notification settings - Fork 777
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Securing wins.js
from XSS vulnerability due to innerHTML
#6303
Comments
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as outdated.
This comment was marked as outdated.
Hi @danvgar, thank you for taking up this issue! Hfla appreciates you :) Do let fellow developers know about your:- You're awesome! P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :) |
Happy to take on this issue. Just assigned it to myself and will provide an update by EOW. |
@danvgar I am moving this issue to the in progress column, since you are working on it. On future issues please move the issue after you self assign. |
Ah sorry, thank you for catching that, @ExperimentsInHonesty ! |
Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.
If you need help, be sure to either: 1) place your issue in the You are receiving this comment because your last comment was before Monday, March 4, 2024 at 11:06 PM PST. |
Apologies, I've been sick on-and-off the past week and have not been able to sit with this. I expect it to be completed by EOW Sun Mar 17, if not sooner! |
Overview
As developers we aim to protect JavaScript files from XSS vulnerabilities, preventing malicious script injections that can compromise user security.
Action Items
assets/js/wins.js
in your IDEinnerHTML
in the file.innerHTML
property withtextContent
, using thecreateElement
method for creating DOM elements where necessaryResources/Instructions
The text was updated successfully, but these errors were encountered: