Is there a risk to XSS attacks when assigning the input element value?

Time:12-22

Will assigning a value to an input element that was created with vanilla js cause XSS vulnerabilities?

For example:

var inn = document.createElement('input');
// append to parent or body...

var data = request.post(someData); // make some kind of HTTPS request with a response

inn.value = data;

CodePudding user response:

No (caveat¹). The value you assign to the value property of an input element is solely treated as plain text. Nothing about it is executed.


¹ Caveat: If data is an object with a custom toString function, then assigning data to inn.value will implicitly call that toString function, which executes code. You seem to be showing data as the result of doing a POST, though, so I'm going to assume it can't be an object with a custom toString function.
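
The behaviour described in the answer above, as an added example that is not part of the original post: markup assigned to value is stored as text, a direct assignment of an object runs its toString, and a guard that accepts only primitives avoids that. The names makeInput, setInputText and demo are hypothetical, and the stand-in object used when no DOM is present is an assumption that models only the setter's string conversion.

```javascript
// Returns a real <input> in a browser. Elsewhere (e.g. Node) returns a stand-in
// whose `value` setter string-converts what is assigned, as the DOM setter does
// (the real setter additionally maps null to '').
function makeInput() {
  if (typeof document !== 'undefined') return document.createElement('input');
  let stored = '';
  return {
    get value() { return stored; },
    set value(v) { stored = String(v); },
  };
}

// Hypothetical helper: accept only primitive response data, so the assignment
// can never invoke a toString() supplied by the data itself.
function setInputText(input, data) {
  const t = typeof data;
  if (data === null || data === undefined) {
    input.value = '';
  } else if (t === 'string' || t === 'number' || t === 'boolean') {
    input.value = String(data);
  } else {
    throw new TypeError('expected primitive response data, got ' + t);
  }
  return input.value;
}

// Runs the three cases on constructed sample data and returns what happened.
function demo() {
  const results = {};

  // 1. Markup in the response is kept verbatim as text; nothing is parsed.
  results.markup = setInputText(makeInput(), '<script>alert(1)</script>');

  // 2. The caveat: assigning an object directly calls its toString().
  let calls = 0;
  const tricky = { toString() { calls += 1; return 'from toString'; } };
  const direct = makeInput();
  direct.value = tricky;
  results.directCalls = calls;
  results.directValue = direct.value;

  // 3. The guard rejects the object before any conversion takes place.
  try { setInputText(makeInput(), tricky); results.guard = 'accepted'; }
  catch (e) { results.guard = e.name; }
  results.callsAfterGuard = calls;
  return results;
}
```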
