This is a tricky one to fix due to the testing required to make sure nothing is broken.
This affects _CvSvg and CvDatePicker. AppScan reports "Insecure Use of InnerHTML or OuterHTML".
This is a false positive report but it would be best to remove reference to innerHTML if possible.
In certain cases CvDatePicker, which is a wrapper around flatpickr, is removing white space from the innerHTML with:

```js
currentItem.innerHTML = currentItem.innerHTML.replace(/\s+/g, '');
```
This needs some testing to see if this can just be removed.
In _CvSvg the svg content is added to the component via innerHTML. There is probably a clearer way to do this.
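
One way to drop the `innerHTML` round trip in the whitespace-stripping line quoted above, as an added example that is not the project's own code: walk the element's text nodes and edit `nodeValue` in place. It assumes only text content needs stripping; `stripTextWhitespace`, `text`, `el` and `demo` are hypothetical names, and the sample tree is constructed so the block also runs under Node.

```javascript
// Added example, not the project's code.
const TEXT_NODE = 3;    // same value as Node.TEXT_NODE in browsers
const ELEMENT_NODE = 1; // same value as Node.ELEMENT_NODE

// Remove all whitespace from the text nodes under `root`, in place.
// Markup is never serialized or re-parsed, so no HTML string is written back.
// Returns the number of text nodes that were changed.
function stripTextWhitespace(root) {
  let changed = 0;
  const stack = [root];
  while (stack.length > 0) {
    const node = stack.pop();
    // Array.from accepts a browser NodeList as well as a plain array.
    for (const child of Array.from(node.childNodes)) {
      if (child.nodeType === TEXT_NODE) {
        const stripped = child.nodeValue.replace(/\s+/g, '');
        if (stripped !== child.nodeValue) {
          child.nodeValue = stripped;
          changed += 1;
        }
      } else if (child.nodeType === ELEMENT_NODE) {
        stack.push(child); // descend; attributes are left untouched
      }
    }
  }
  return changed;
}

// Constructed stand-ins for DOM nodes so the example runs outside a browser.
function text(value) {
  return { nodeType: TEXT_NODE, nodeValue: value, childNodes: [] };
}
function el(className, children) {
  return { nodeType: ELEMENT_NODE, className, childNodes: children };
}

// Constructed sample: an item whose label carries layout whitespace.
function demo() {
  const item = el('day today', [text('\n  1 5 '), el('span', [text(' Jan\t')])]);
  const changed = stripTextWhitespace(item);
  return {
    changed,
    label: item.childNodes[0].nodeValue,
    inner: item.childNodes[1].childNodes[0].nodeValue,
    className: item.className,
  };
}
```

Unlike the regex applied to serialized `innerHTML`, this leaves whitespace inside tags and attribute values alone, so any component test that depended on that side effect would need checking.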