Closed Shivam7-1 closed 6 months ago
Hi @MarkusBordihn, could you please review this PR? Thanks.
Thank you for your thorough explanation regarding the use of innerText to mitigate the risk of HTML injection and potential cross-site scripting (XSS) vulnerabilities.
Given that the text provided is static and does not involve any user input, the risk of XSS vulnerabilities is indeed minimal in this specific use-case.
Using innerText will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.
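
Added example, not part of the PR or of any comment above: a small reviewer-side audit that finds `innerHTML` writes in JavaScript source and separates static string literals (the case discussed in this thread) from dynamic values that need review. The names `SAMPLE` and `auditInnerHtml` and the sample lines are constructed for illustration, and the line-based regex is an assumption that each assignment fits on one line.

```javascript
// Constructed sample source; not taken from the repository under review.
const SAMPLE = [
  'title.innerHTML = "Settings";',
  "hint.innerHTML = 'Press <b>Enter</b> to continue';",
  'status.innerHTML = "Hello " + userName;',
  'box.innerHTML = `Result: ${value}`;',
  'label.innerText = message;',
  'panel.innerHTML += rowHtml;',
].join('\n');

// Matches `<target>.innerHTML =` or `+=` (not `==`) and captures the right-hand side.
const ASSIGNMENT = /([\w$.\[\]'"]+)\.innerHTML\s*(\+?=)(?!=)\s*(.+?);?\s*$/;

// Static only if the whole right-hand side is one string literal without interpolation.
function isStaticLiteral(rhs) {
  if (/^"(?:[^"\\]|\\.)*"$/.test(rhs)) return true;
  if (/^'(?:[^'\\]|\\.)*'$/.test(rhs)) return true;
  return /^`(?:[^`\\$]|\\.|\$(?!\{))*`$/.test(rhs);
}

// Returns one finding per innerHTML write:
//   static-text   -> literal without markup; innerText is a drop-in replacement
//   static-markup -> literal containing < or &; innerText would show the tags as text
//   dynamic       -> value built at runtime; review where the data comes from
function auditInnerHtml(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    const match = ASSIGNMENT.exec(text.trim());
    if (!match) return;
    const target = match[1];
    const rhs = match[3];
    let kind = 'dynamic';
    if (isStaticLiteral(rhs)) {
      kind = /[<&]/.test(rhs) ? 'static-markup' : 'static-text';
    }
    findings.push({ line: index + 1, target, kind });
  });
  return findings;
}

for (const f of auditInnerHtml(SAMPLE)) {
  console.log(`line ${f.line}: ${f.target}.innerHTML -> ${f.kind}`);
}
```
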