Open benibela opened 2 years ago
All the usages of innerHTML are rather insecure. For example, when an exposure variable is named <a href="javascript:alert(123)">xyz</a>, it creates a link that runs javascript on the side panels:
<a href="javascript:alert(123)">xyz</a>
All the usages of innerHTML are rather insecure. For example, when an exposure variable is named
<a href="javascript:alert(123)">xyz</a>
, it creates a link that runs javascript on the side panels: