4 votes

Cycode scan recommends HTML sanitization for iframe.src assignment, but I'm only using a URL—what is the proper mitigation?

Instead of regex sanitization, construct the URL safely and encode parameters properly: const authToken = sessionStorage.getItem('auth_token') ?? this.sessionStorage.retrieve('authenticationtoken') ...
2 votes

Cycode scan recommends HTML sanitization for iframe.src assignment, but I'm only using a URL—what is the proper mitigation?

Seikh Imran's answer is probably more idiomatic for contemporary JavaScript, but this approach is equally secure, just a little older: use the encodeURIComponent function. const auth_token = ...
