Vulnerabilities with dataTables server side processing

davidreachio Posts: 1 Questions: 0 Answers: 0

I was working on a project and I needed to output user details onto DataTables from PHP/MySQL. DataTables requires results to be JSON-encoded from PHP, but it receives them via a GET method in JavaScript. The problem is that the entire results are being shown in the browser console. I just wanted it to parse straight to the window, but DataTables leaves references in the browser console which can cause XSS attacks, because I was able to hack my data using that information on the console.

Replies

  • allan Posts: 63,457 Questions: 1 Answers: 10,465 Site admin

    I don't really see how showing information on a console can lead to an XSS attack - also DataTables shouldn't be showing any JSON response on the console by default. Can you give me a link to a page showing it doing that so I can correct it please?

    In terms of protecting against XSS attacks - the security documentation has details about that.

    Allan

This discussion has been closed.