Update semgrep.test.js
Co-authored-by: semgrep-code-dotcms-test[bot] <183154938+semgrep-code-dotcms-test[bot]@users.noreply.github.com>
mbiuki and semgrep-code-dotcms-test[bot] authored Oct 18, 2024
1 parent 3504596 commit 27d5622
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion semgrep.test.js
@@ -13,7 +13,16 @@ function bad2(userInput) {
function bad3(userInput) {
const name = '<div>' + userInput + '</div>';
// ruleid: insecure-document-method
document.write(name);
// Import DOMPurify to sanitize user input
const DOMPurify = require('dompurify');

function bad3(userInput) {
// Sanitize the user input to prevent XSS
const sanitizedInput = DOMPurify.sanitize('<div>' + userInput + '</div>');

// Use document.write with sanitized input
document.write(sanitizedInput);
}
}

function ok1() {
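Review bot: `bad3` no longer calls `document.write` at all, because the added lines declare a second `function bad3` inside the existing one and never invoke it, which also leaves `name` unused. This file reads as a Semgrep rule test fixture, where `// ruleid: insecure-document-method` marks the following line as one the rule must flag; the annotation now sits above a comment and a `require`, so the rule test would presumably fail or stop covering the concatenated-HTML case. I would keep the fixture deliberately unsafe, with `// ruleid: insecure-document-method` directly followed by `document.write(name);`, and exclude rule fixtures from autofix. If a sanitized variant is wanted, it belongs in its own top-level function carrying the annotation that matches what the rule is expected to report for it, with `require('dompurify')` at file scope rather than inside a function body.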