Column Data should render as text to avoid XSS


amansharmaknl Posts: 1 Questions: 1 Answers: 0

I am building my datatable content through backend code in which, based on specific conditions, we are adding anchor tags to navigate to a different page.
My question is what happens if one of the cells has content from the backend code like
<a href="xyz.com"> Navigate to Page <script> alert("Hi");</sript></a> (testing XSS scenarios)

The requirement is that when the above content renders on the UI, it should display text in the cell like: Navigate to page alert("Hi"); (i.e. it should not run the script statement, just show it as plain text)

I used the code below:

tableOpts.columnDefs.push(
    { render: jqdt.fn.dataTable.render.text() }
);

but it is rendering the content totally as plain text: <a href="xyz.com"> Navigate to Page <script> alert("Hi");</sript></a>

My requirement is that the anchor tag has to be rendered properly, with the following output:

Navigate to Page alert("Hi");. (All content should be clickable)
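An added example, not part of the original thread and not DataTables' own code: `render.text()` escapes the whole cell, anchor included, so a link with an inert label needs a custom `render` function that rebuilds the anchor from an allow-listed `href` and an escaped label. The names `safeHref`, `renderLinkCell` and `linkColumnRender` are hypothetical, and the sketch assumes each cell holds at most one `<a href="...">` wrapper; it would be wired in as `{ render: linkColumnRender }`.

```javascript
// Added example with hypothetical helper names; assumes one <a href="..."> per cell.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// Allow http(s) and scheme-less (relative) URLs only; anything else becomes "#".
function safeHref(raw) {
  // Browsers ignore whitespace and control characters inside a scheme, so drop them first.
  const url = String(raw).replace(/[\u0000-\u0020\u007f]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (scheme && !/^https?$/i.test(scheme[1])) return '#';
  return url;
}

// Turn backend HTML into a link whose label is inert text.
function renderLinkCell(data) {
  const html = data == null ? '' : String(data);
  const m = /<a\b[^>]*?\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(html);
  // Drop tags so the label reads as text, then escape whatever is left.
  // The escaping, not the tag stripping, is what makes the output safe.
  const label = escapeHtml(html.replace(/<[^>]*>/g, '').replace(/\s+/g, ' ').trim());
  if (!m) return label; // no anchor found: behave like render.text()
  const href = escapeHtml(safeHref(m[1] ?? m[2] ?? m[3]));
  return `<a href="${href}">${label}</a>`;
}

// DataTables column renderer: build markup only for the "display" type.
function linkColumnRender(data, type) {
  return type === 'display' ? renderLinkCell(data) : data;
}
```

Sending the URL and the label as separate fields from the backend, rather than as ready-made HTML, removes the need for the regex extraction step altogether.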

Answers

This discussion has been closed.