I'm facing the following warning in the Checkmarx report. I tried to use a sanitize pipe to fix it, but it is still returning the warning. Any suggestions?
Viewed 1,595 times
Score: -4

securecodeninja

André de Mattos Ferraz
- The code is in the image: – André de Mattos Ferraz May 28 '21 at 14:33
- And can you provide a sample stackblitz? – Aakash Garg May 30 '21 at 10:48
- @AakashGarg `{{dataType of displayTypes}}` => displayTypes is `string[]` – André de Mattos Ferraz May 31 '21 at 13:41
- Have you tried injecting the sanitiser into your component and using a getter or method to retrieve your HTML? – Ben Brookes Jun 01 '21 at 15:00
- @BenBrookes same issue – André de Mattos Ferraz Jun 09 '21 at 18:06
- Are you sure? If the variables from your template were sanitised HTML then Checkmarx wouldn't pick this issue up, as the sanitiseHTML pipe wouldn't need to be used. – Ben Brookes Jun 10 '21 at 11:45
- @BenBrookes https://imgur.com/Viy0KVi same error in the same case – André de Mattos Ferraz Jun 10 '21 at 14:44
- Does this still occur if you bind the value to `[innerHtml]`? – Ben Brookes Jun 10 '21 at 15:41
- Let me try. But only the variable, or with the sanitize method? I will try both... – André de Mattos Ferraz Jun 10 '21 at 18:10
- @BenBrookes same error: https://imgur.com/BtONgp4 – André de Mattos Ferraz Jun 11 '21 at 12:40
- We will add it to false positives. Thx @BenBrookes! – André de Mattos Ferraz Jun 14 '21 at 17:03
1 Answer
Score: 0
I added it to the false positives! I will use the `[innerHTML]` attribute from Angular to show the values.

André de Mattos Ferraz
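Added example, not from this post and not Angular's own code: a small Node-runnable TypeScript model of the three rendering paths the comments compare. In Angular, `{{ value }}` interpolation always renders the value as text, so a sanitize pipe applied there changes nothing the browser shows; `[innerHTML]="value"` runs a plain string through Angular's HTML sanitizer; and a value wrapped by `DomSanitizer.bypassSecurityTrustHtml()` skips that sanitizer, which is the call a static analyzer has reason to flag. The names `SafeHtml`, `sanitizeHtml`, `bypassSecurityTrustHtml`, `renderInterpolation` and `renderInnerHtml` are assumed for the example and only mirror the shape of Angular's API; the allow-list sanitizer is a deliberately strict toy (a few inert tags, every attribute dropped), not Angular's sanitizer; and the sample strings are constructed.

```typescript
// Added illustration, not Angular's source: a model of the three rendering paths
// discussed in the thread, runnable under plain Node without Angular installed.
//   {{ value }}                      -> text context, always HTML-escaped
//   [innerHTML]="value" (string)     -> HTML context, allow-list sanitized
//   [innerHTML]="value" (SafeHtml)   -> HTML context, sanitizer skipped
// All names here are assumed for the example and only mirror Angular's API shape.

// Branded wrapper so "already trusted" markup cannot be mistaken for a raw string.
class SafeHtml {
  constructor(readonly html: string) {}
}

// Escaping for text context. This is all interpolation ever does with a value,
// so a "sanitize" pipe applied inside {{ }} cannot change what the browser shows.
function escapeHtml(text: string): string {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Toy allow-list sanitizer for HTML context: only a few inert tags survive,
// every attribute is dropped, and everything else (including unknown tags such
// as <script> or <img>) is emitted as escaped text. Deliberately stricter than
// Angular's sanitizer, which keeps a larger tag and attribute allow-list.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li'];
const TAG_RE = /^<(\/?)([a-zA-Z][a-zA-Z0-9]*)(?:\s[^<>]*)?\/?>/;

function sanitizeHtml(input: string): string {
  let out = '';
  let i = 0;
  while (i < input.length) {
    if (input[i] === '<') {
      const m = TAG_RE.exec(input.slice(i));
      if (m && ALLOWED_TAGS.indexOf(m[2].toLowerCase()) !== -1) {
        out += '<' + m[1] + m[2].toLowerCase() + '>'; // tag name only, attributes never copied
        i += m[0].length;
        continue;
      }
    }
    out += escapeHtml(input[i]); // anything that is not an allowed tag is plain text
    i += 1;
  }
  return out;
}

// Marks markup as trusted so the sanitizer is skipped. This is the call static
// analyzers single out: it is the one way a raw string reaches the DOM unchecked.
function bypassSecurityTrustHtml(html: string): SafeHtml {
  return new SafeHtml(html);
}

// What {{ value }} renders.
function renderInterpolation(value: string): string {
  return escapeHtml(value);
}

// What [innerHTML]="value" renders: sanitized unless the value was explicitly trusted.
function renderInnerHtml(value: string | SafeHtml): string {
  return value instanceof SafeHtml ? value.html : sanitizeHtml(value);
}

// Constructed sample values standing in for entries of displayTypes: string[].
const SAMPLE_BENIGN = 'Plain <b>bold</b> text';
const SAMPLE_HOSTILE = '<b onclick="steal()">Click</b><script>steal()</script>';

// Side-by-side view of the same hostile input through each path.
function demo(): Record<string, string> {
  return {
    interpolation: renderInterpolation(SAMPLE_HOSTILE),
    innerHtmlString: renderInnerHtml(SAMPLE_HOSTILE),
    innerHtmlTrusted: renderInnerHtml(bypassSecurityTrustHtml(SAMPLE_HOSTILE)),
  };
}

const results = demo();
for (const path of Object.keys(results)) {
  console.log(path + ': ' + results[path]);
}
```

The last case is the one to look for when triaging the finding: if the template binds a `SafeHtml` produced by `bypassSecurityTrustHtml` to `[innerHTML]`, the scanner is right and the value needs real sanitization before it is trusted; if it binds a plain string, Angular sanitizes it itself, and that is the justification to record when filing the finding as a false positive.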