You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For example, if a streamer were to allow a command that takes a viewer's input and display that using $test, the user could maliciously insert "<script>REDIRECT TO ANOTHER SITE</script>" as their text.
To avoid this issue, please use textContent to set values. text.textContent = MySet.message;
The text was updated successfully, but these errors were encountered:
When displaying text, the code set innerHTML and displays the value.
text.innerHTML = MySet.message;This method of setting text if extremely vulnerable to DOM-based cross-site scripting.
For example, if a streamer were to allow a command that takes a viewer's input and display that using $test, the user could maliciously insert "<script>REDIRECT TO ANOTHER SITE</script>" as their text.
To avoid this issue, please use textContent to set values.
text.textContent = MySet.message;The text was updated successfully, but these errors were encountered: