Partial View loading using javascript : Possible XSS by HP FORTIFY

Question

I have a js function , which Fortify identified as XSS vulnerable as below. Can you suggest any solution for this since the method is intensively used in my app.

I am here trying to call a partialview in ajax and the result html am appending to a specified dom div

My function look like the below

      function loadPartialViewToDiv(div, obj, api) {
        try {
                
    

const myUrl = new URL(window.location.origin +  api); // always local URL only 
    
    $.ajax({       
    
    url: myUrl ,
    data: obj,
    cache: false,
    type: "POST",
    dataType: "html",
    
    success: function (data, textStatus, XMLHttpRequest) {        
    
    if (data != undefined && data != null) {        
    
    $('#' + div).html(data);        
    
    }    
    
    
    }
    
    
    });
    
    
    } catch (e) {
    
    
    ('#' + div).html('Error');
    
    
    }
    
    }

score 0 · Answer 1 · answered Jun 21 '22 at 08:04

0

The dynamic DOM element id was the issue ($('#' + div).html(data); ), we fixed it using two methods

giving a static id. $('#abcd').html(data);
OR
change as $('#' + div).text($(data));

answered Jun 21 '22 at 08:04

suvsuv

3
1

Partial View loading using javascript : Possible XSS by HP FORTIFY

1 Answers1