You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Checkmarx, this vulnerability is flagged as follows: "The method function embeds untrusted data in generated output with jQuery, at line 962 of jstree. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page." This vulnerability arises from the following code:
Hello, thank you for responding. Yes, I tried with this.element.querySelector(...); it no longer detects the vulnerability, but the get_node function doesn't work properly anymore.
In Checkmarx, this vulnerability is flagged as follows: "The method function embeds untrusted data in generated output with jQuery, at line 962 of jstree. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page." This vulnerability arises from the following code:
And also this:
These snippets reference the following code:
$('#' + obj.replace($.jstree.idregex,'\\$&'), this.element)
And this:
$('#' + obj.id.replace($.jstree.idregex,'\\$&'), this.element)
The text was updated successfully, but these errors were encountered: