Update window.js DOM text reinterpreted as HTML

google / tamperchrome

Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).

https://tamper.dev

Apache License 2.0

4.18k stars 214 forks source link

Update window.js DOM text reinterpreted as HTML #261

Open Shivam7-1 opened 5 months ago

Shivam7-1 commented 5 months ago

By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML. Always be cautious when dealing with user input or dynamic content to prevent security risks.

Shivam7-1 commented 5 months ago

Hi @sirdarckcat Could You Please Review this PR Thanks

Shivam7-1 commented 4 months ago

Hi @sirdarckcat Could You Please Review this PR Thanks

NeilFraser commented 4 months ago

This PR would cause raw HTML tags to be printed on the user's screen.