AppScan reports issue with innerHTML #1541

@davidnixon

This is a tricky one to fix due to the testing required to make sure nothing is broken.

This affects _CvSvg and CvDatePicker. AppScan reports "Insecure Use of InnerHTML or OuterHTML".
This is a false positive report, but it would be best to remove the reference to innerHTML if possible.

In certain cases CvDatePicker, which is a wrapper around flatpickr, is removing white space from the innerHTML with:

currentItem.innerHTML = currentItem.innerHTML.replace(/\s+/g, '');

This needs some testing to see if this can just be removed.

In _CvSvg the svg content is added to the component via innerHTML. There is probably a clearer way to do this.
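One way to drop the innerHTML round trip in the date picker case, as an added example that is not the project's code: it assumes the intent is to remove whitespace from the item's text, and the names `stripTextWhitespace`, `text`, `element` and `demo` are hypothetical. It edits text nodes in place, so markup is never serialized and re-parsed.

```javascript
// Added example (not the project's code). Assumption: the goal of the
// innerHTML.replace(/\s+/g, '') call is to strip whitespace from the text
// inside the element. Working on text nodes avoids re-parsing a string as
// HTML, and leaves attribute values untouched, which the regex over
// serialized markup does not.
const TEXT_NODE = 3;    // same value as Node.TEXT_NODE
const ELEMENT_NODE = 1; // same value as Node.ELEMENT_NODE

// Removes all whitespace from every text node under `node`.
// Returns the number of text nodes that were modified.
function stripTextWhitespace(node) {
  let changed = 0;
  for (const child of Array.from(node.childNodes)) {
    if (child.nodeType === TEXT_NODE) {
      const stripped = child.nodeValue.replace(/\s+/g, '');
      if (stripped !== child.nodeValue) {
        child.nodeValue = stripped;
        changed += 1;
      }
    } else if (child.nodeType === ELEMENT_NODE) {
      changed += stripTextWhitespace(child);
    }
  }
  return changed;
}

// Constructed stand-ins for DOM nodes so the example also runs outside a
// browser; real Element and Text nodes expose the same properties.
function text(value) {
  return { nodeType: TEXT_NODE, nodeValue: value, childNodes: [] };
}
function element(attributes, children) {
  return { nodeType: ELEMENT_NODE, attributes, childNodes: children };
}

// Constructed sample: an item with whitespace in its text and in attributes.
function demo() {
  const item = element({ class: 'day today' }, [
    text(' 1 4 '),
    element({ 'aria-label': 'June 14' }, [text('\n')]),
  ]);
  const changed = stripTextWhitespace(item);
  return { changed, item };
}
```

Unlike the innerHTML version, text nodes that become empty stay in the tree, so this still needs the same visual testing the issue calls for.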
