How can I take measures against XSS in the column header?
First of all, let me tell you that I can't speak English well.
I'm sorry if it's a strange sentence.
I succeeded in escaping the fields other than the column header by the following method, but I would like to take XSS countermeasures for the column header values as well.
Is there a way?
Thank you.
const body = data.slice(1);
$('#datatable').dataTable({
  data: body,
  columnDefs: (function () {
    let columns = [{ targets: '_all', render: $.fn.dataTable.render.text() }];
    data[0].forEach((v, i) => {
      columns.push({ targets: i, title: v });
    });
    return columns;
  })()
});
I found a related comment, so I'll keep it linked.
https://datatables.net/reference/option/columns.title
grizgrad09 @ v1.10.10 14:46, Mon 18th Jan 2016
Please note that you can enter HTML markup in the title field and it will be interpreted. I used this feature to include a <div> with a class value in order to enable custom CSS.
Answers
You could use:
{ targets: i, title: $.fn.dataTable.render.text().display(v) }
It is a good point though. Perhaps we should look at some way of having a text renderer for the header.
Thanks for flagging that up.
Allan
Thanks very much to you, I was able to solve it.
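The approach from the accepted answer, as an added example that is not part of the original thread: one renderer escapes body cells at render time and header titles before they are assigned to `title`. `makeTextRenderer` is a hypothetical stand-in for `$.fn.dataTable.render.text()` so the block runs without jQuery, `buildColumnDefs` is a hypothetical helper, and the sample rows are constructed.

```javascript
// Stand-in for $.fn.dataTable.render.text() so the example runs without
// jQuery/DataTables (assumption: only .display(value) is needed here).
function makeTextRenderer() {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  const escape = (d) =>
    typeof d === 'string' ? d.replace(/[&<>"']/g, (c) => entities[c]) : d;
  return { display: escape, filter: escape };
}

// Build columnDefs from an untrusted header row (hypothetical helper).
function buildColumnDefs(headerRow, textRenderer) {
  // Body cells: escaped at render time by the text renderer.
  const defs = [{ targets: '_all', render: textRenderer }];
  headerRow.forEach((v, i) => {
    // Header cells: `title` is interpreted as HTML, so escape it first.
    // Non-string headers (numbers, null) are converted to text.
    const text = v === null || v === undefined ? '' : String(v);
    defs.push({ targets: i, title: textRenderer.display(text) });
  });
  return defs;
}

// Constructed sample: the first row holds the headers, one carries markup.
const data = [
  ['Name', '<img src=x onerror=alert(1)>', 42],
  ['Alice', '<b>bold</b>', 1],
];
const columnDefs = buildColumnDefs(data[0], makeTextRenderer());
console.log(columnDefs.slice(1).map((d) => d.title));

// In the browser, pass the real renderer instead of the stand-in:
// $('#datatable').dataTable({
//   data: data.slice(1),
//   columnDefs: buildColumnDefs(data[0], $.fn.dataTable.render.text())
// });
```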