GoogleChrome / lighthouse

Automated auditing, performance metrics, and best practices for the web.
https://developer.chrome.com/docs/lighthouse/overview/
Apache License 2.0
28.27k stars 9.35k forks

Uses innerText For Dom Text reinterpreted as HTML #15884

Closed Shivam7-1 closed 6 months ago

Shivam7-1 commented 6 months ago

By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML when dealing with user input or dynamic content to prevent security risks.

connorjclark commented 6 months ago

This isn't resolving any security issue, so I'm going to close.