After reviewing the Security page, I just want to make sure of a few points.
* Unless something external breaks through my organization's firewall, will the data within the table being displayed remain safe?
* I don't have admin privileges to my my machine, and my browser settings are set to strict. Should I avoid a particular browser? My organization uses Edge, Chrome and Internet Explorer.
* Other than implementing the above data table code and scripts, is there anything else I should do?
Edit: I forgot to add - the page will be displayed locally only, not on some server. But I still have internet access.
It depends what you mean by safe here. If you don't want anyone else to be able to view the data, that you would need to prevent the page the table is on from being visible on the web (DataTables doesn't "call home" if that is what you are asking).
But if someone had access to view the page, they would be able to view (and scrape) the data.
IE is no longer supported by Microsoft, so any security vulnerabilities found in it, will not be patched by Microsoft. So I would suggest not using IE for this point alone, but that will be down to a company IT decision.
DataTables itself will work fine on those browsers and doesn't trigger any security issues in them.
From a DataTables point of view, the key question is, are you going to be showing unsanitised user input data. If so, then you must use the
textrenderer, noted on the security page under the XSS section.
I really appreciate your reply.
By safe, I meant from any internal or external attacks. I will only be sharing this page internally within my organization to a few specific people. So yes, in theory they could open up the HTML file and take the data (in this case, that is fine). I assume the only way to prevent this is if I actually host it on a server that calls the files from a different location.
As for your last comment - I am not sure if I fully understand. The people who I share this HTML page with won't be inputting data or modifying any data within the table itself. They may provide information in the search bar (see first link in my original post for what I mean) to narrow down specific results within the table though.
You would prevent this by hosting the page on a server which can only be accessed locally in your organisation. If it is a public facing web-page, then anyone with the URL can access it.
Okay. No risk of showing unescaped HTML in the table then. You are perfectly safe here.
I really appreciate your help. Thank you very much.