i am getting warning Cross-site Scripting (XSS) with innerHTML

Question

I have a code where I need to send HTML with inner Html but my code is not passing the security testing it showing Cross-site Scripting (XSS) warning.

how to use innerHtml with out Cross-site Scripting (XSS) issue.

 if (e.currentTarget) {
            const { reamoreid } = e.target.dataset;
            axios.get(`/single-readmore/${reamoreid}`).then((response) => {
                readMoreContent.innerHTML = DOMPurify.sanitize(readmoreInfo(response.data));
            });

I need some information about how to fix the issue.

any response from anyone. i need your help – freelanceing mindset Oct 29 '21 at 21:14 — freelanceing mindset, Oct 29 '21 at 21:14

score 0 · Answer 1 · answered Oct 29 '21 at 17:26

0

Due to CORS policy, you cannot view the response of a packet if it does not contain "Access-Control-Allow-Origin: *" header. If you don't own the server, use a CORS proxy. Example: https://cors-anywhere.herokuapp.com/https://google.com
(link will not work if sent through the address line)

answered Oct 29 '21 at 17:26

Antosser

346
1
9

I cant understand your answer is it related to my question? – freelanceing mindset Oct 29 '21 at 18:26

i am getting warning Cross-site Scripting (XSS) with innerHTML

1 Answers1