javascript/ql/src/Security/CWE-079: 1 file changed, +3 -3 lines
Extracting text from a DOM node and interpreting it as HTML can lead to a cross-site scripting vulnerability.
</p >
<p >
- A webpage with this vulnerability unescapes an otherwise sanitized text,
- and thereby allows an attacker to use sanitized text in the DOM to perform a
- cross-site scripting attack.
+ A webpage with this vulnerability reads text from the DOM, and afterwards adds the text as HTML to the DOM.
+ Using text from the DOM as HTML effectively unescapes the text, and thereby invalidates any escaping done on the text.
+ If an attacker is able to control the safe sanitized text, then this vulnerability can be exploited to perform a cross-site scripting attack.
</p >
</overview >
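Review bot: the third added sentence, "If an attacker is able to control the safe sanitized text", is confusing: "safe sanitized" is redundant, and what the attacker controls is the text that was escaped before it was placed in the DOM, not something that is "safe" in itself. Suggest rewording to "If an attacker controls the text that was escaped when it was placed in the DOM, then this vulnerability can be exploited to perform a cross-site scripting attack." so the sentence matches the second one, which correctly says that re-adding the text as HTML invalidates the escaping. Minor: "and afterwards adds" in the first added sentence reads more naturally as "and then adds".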