How can I take measures against XSS in the column header?

volume500ml Posts: 2 Questions: 1 Answers: 0

First of all, let me tell you that I can't speak English well.
I'm sorry if it's a strange sentence.

I succeeded in escaping the fields other than the column header by the following method, but I would like to take XSS countermeasures for the column header values as well.
Is there a way?
Thank you.

const body = data.slice(1);
$('#datatable').dataTable({
    data: body,
    columnDefs: (function () {
        let columns = [{ targets: '_all', render: $.fn.dataTable.render.text() }];
        data[0].forEach((v, i) => {
            columns.push({ targets: i, title: v });
        });
        return columns;
    })()
});

I found a related comment, so I'll keep it linked.
https://datatables.net/reference/option/columns.title

grizgrad09 @ v1.10.10, 14:46, Mon 18th Jan 2016
Please note that you can enter HTML markup in the title field and it will be interpreted. I used this feature to include a <div> with a class value in order to enable custom CSS.

Answers

  • allan Posts: 63,601 Questions: 1 Answers: 10,486 Site admin
    Answer ✓

    You could use:

    $.fn.dataTable.render.text().display(v)
    

    It is a good point though. Perhaps we should look at some way of having a text renderer for the header.

    Thanks for flagging that up.

    Allan

  • volume500ml Posts: 2 Questions: 1 Answers: 0

    { targets: i, title: $.fn.dataTable.render.text().display(v) }
    Thanks very much to you, I was able to solve it.
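
The approach from this thread as an added example (not code from the thread or from DataTables): header values are escaped before they are passed as `title`, because `title` is interpreted as HTML. `escapeHtml`, `buildColumnDefs`, `buildTableOptions` and `standInRenderer` are hypothetical names, and `escapeHtml` is a stand-in so the block runs without jQuery; in the page itself `$.fn.dataTable.render.text()` plays that role.

```javascript
// Stand-in for a text renderer's escaping (assumption: helper written for
// this example; it is not DataTables source code).
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value)
    .replace(/&/g, '&amp;')   // must run first so later entities are not re-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Build columnDefs from an untrusted header row. `cellRenderer` is whatever
// escapes body cells (in the thread: $.fn.dataTable.render.text()).
function buildColumnDefs(headerRow, cellRenderer) {
  const defs = [{ targets: '_all', render: cellRenderer }];
  headerRow.forEach((h, i) => {
    defs.push({ targets: i, title: escapeHtml(h) });
  });
  return defs;
}

// Split rows into header + body; reject input that has no header row.
function buildTableOptions(data, cellRenderer) {
  if (!Array.isArray(data) || data.length === 0 || !Array.isArray(data[0])) {
    throw new TypeError('expected a non-empty array of rows');
  }
  return { data: data.slice(1), columnDefs: buildColumnDefs(data[0], cellRenderer) };
}

// Constructed sample input: the first row is the untrusted header, including
// markup, characters that need entity encoding, and a non-string value.
const sampleData = [
  ['Name', '<img src=x onerror=alert(1)>', 'Tom & "Jerry"', 42],
  ['a', 'b', 'c', 'd'],
];
// Stand-in for the body-cell renderer when running outside a browser.
const standInRenderer = { display: escapeHtml };
const sampleOptions = buildTableOptions(sampleData, standInRenderer);
// Browser usage: $('#datatable').dataTable(buildTableOptions(data, $.fn.dataTable.render.text()));
```

Escaped titles are displayed as literal text, so a header that legitimately needs markup (as in the linked comment about a `<div>` with a class) has to be handled separately from untrusted values.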
