Ptt 大爆卦 | jQuery.append XSS - 前往 https://palant.info/2015/08/30/why-you-probably-want-to-disable-jqueryparsehtml-even-though-you-don-t-call-it/

你即將離開本站

並前往https://palant.info/2015/08/30/why-you-probably-want-to-disable-jqueryparsehtml-even-though-you-don-t-call-it/

Why you probably want to disable jQuery.parseHTML even ...

Passing HTML code to jQuery.append will use the infamous innerHTML ... might easily turn into a Cross-Site Scripting (XSS) vulnerability.

確定！回上一頁

查詢「jQuery.append XSS」的人也找了：

Jquery append function

jQuery XSS filter

jQuery attr XSS

Cross site scripting: DOM Fortify fix

cross-site-scripting解決

Client potential XSS JavaScript fix checkmarx