Possible bug when sanitizing strings
Captaincapslock
So, to prevent scripts from being executed when showing them in a data table, I usually do this:

    var sanitized = $("div").text("<script>alert(1);</script>").html();

This works fine when rendering a table. However, when re-rendering that table, DataTables won't initialize. See example:

    // First initialization: the cell text is escaped with the jQuery text()/html() approach
    $("#mytable").DataTable({
        columns: [{
            title: "Column"
        }],
        data: [
            [`<a href="#">${$("div").text("<script>alert(1)</script>").html()}</a>`]
        ],
        destroy: true
    });

    // Second initialization on the same table, with plain cell content
    $("#mytable").DataTable({
        columns: [{
            title: "Column"
        }],
        data: [
            [`<a href="#">something else</a>`]
        ],
        destroy: true
    });

No errors will show up in the Chrome console. I think this is a bug! If you do not use the sanitizing, DataTables will initialize twice and show the expected result.
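
A DOM-free way to do the escaping described in the post, as an added example that is not part of the original thread: the raw string stays in `data` and is escaped in a `columns.render` callback, so no page element is touched (`$("div")` matches every `<div>` already in the document, while `$("<div>")` would create a detached one). The names `escapeHtml`, `linkCell`, `renderLink`, `sampleRows` and `tableOptions` are assumptions, and the sample rows are constructed.

```javascript
// Added example, not code from the thread. Pure string escaping: no jQuery, no DOM.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;", // quotes are escaped too, so the result is also safe
  "'": "&#39;",  // inside a quoted attribute value
};

function escapeHtml(value) {
  // Single pass over the string, so "&" produced by one replacement is never re-escaped.
  // null and undefined become an empty string.
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical helper: the <a href="#"> wrapper from the post, with escaped text.
function linkCell(text) {
  return `<a href="#">${escapeHtml(text)}</a>`;
}

// columns.render callback: escape only what is shown in the cell and leave the
// raw value for DataTables' sort, filter and type-detection requests.
function renderLink(data, type) {
  return type === "display" ? linkCell(data) : data;
}

// Constructed sample rows: untrusted strings stay untouched in the data array.
const sampleRows = [
  ["<script>alert(1);</script>"],
  ['" onmouseover="x'],
  ["something else"],
];

// Options object in the shape passed to $("#mytable").DataTable(...).
const tableOptions = {
  columns: [{ title: "Column", render: renderLink }],
  data: sampleRows,
  destroy: true,
};

// Show what each cell would contain when rendered for display.
for (const [cell] of sampleRows) {
  console.log(renderLink(cell, "display"));
}
```
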
This discussion has been closed.
Replies
Edit: It won't initialize for the second time.
If you remove the jQuery sanitizing stuff, it actually will re-initialize for the second time.
For now I sanitize using