Open
Description
This issue is automatically created based on existing pull request: #38804: Update js.phtml DOM text reinterpreted as HTML
Description (*)
By using innerText, we avoid the risk of HTML injection, as this property automatically escapes any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.
Contribution checklist (*)
- Pull request has a meaningful description of its purpose
- All commits are accompanied by meaningful commit messages
- All new or changed code is covered with unit/integration tests (if applicable)
- README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
- All automated tests passed successfully (all builds are green)
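The innerHTML-to-text change the pull request describes, shown side by side as an added example (this is not Magento's js.phtml code). The element stand-in, the renderUnsafe/renderSafe names and the sample payload are constructed for this illustration; textContent is used in the safe path because it gives the same plain-text treatment as innerText without forcing a layout pass.

```javascript
// Before: the untrusted string is parsed as markup, so any tag or event
// handler it carries becomes live DOM. This is the sink the PR removes.
function renderUnsafe(el, untrusted) {
  el.innerHTML = untrusted;
}

// After: the string becomes one text node; nothing in it is interpreted.
function renderSafe(el, untrusted) {
  el.textContent = untrusted;
}

// What "automatically escapes" amounts to: when the browser later serializes
// a text node (e.g. reading el.innerHTML), it applies the HTML spec's
// text-escaping rules. Reimplemented here so the effect is checkable offline.
function escapeAsTextNode(s) {
  return String(s)
    .replace(/&/g, '&amp;')      // must run first so later entities are not doubled
    .replace(/\u00a0/g, '&nbsp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Constructed stand-in for a DOM element (Node.js has no document). It models
// only the two properties involved: innerHTML stores markup (a real element
// would parse it), textContent stores a text node that serializes escaped.
function makeElement() {
  const state = { kind: null, data: '' };
  return {
    set innerHTML(v) { state.kind = 'markup'; state.data = String(v); },
    get innerHTML() {
      return state.kind === 'text' ? escapeAsTextNode(state.data) : state.data;
    },
    set textContent(v) { state.kind = 'text'; state.data = String(v); },
    get textContent() { return state.data; },
  };
}

// Constructed sample of attacker-controlled input reaching the template.
const SAMPLE_UNTRUSTED = '<img src=x onerror=alert(1)>';

// Returns the serialized result of each path for the same input.
function compareRenderPaths(untrusted = SAMPLE_UNTRUSTED) {
  const unsafe = makeElement();
  const safe = makeElement();
  renderUnsafe(unsafe, untrusted);
  renderSafe(safe, untrusted);
  return { unsafe: unsafe.innerHTML, safe: safe.innerHTML };
}
```

In a real browser the unsafe path would have created an img element and run its onerror handler; the safe path leaves the angle brackets visible as literal text.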
Metadata
Labels
- Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed.
- A defect with this priority could have functionality issues which are not to expectations.
- Indicates original Magento version for the Issue report.
- The issue has been reproduced on latest 2.4-develop branch.
- Issue related to Developer Experience and needs help with Triage to Confirm or Reject it.
Activity
m2-assistant commented on Jun 12, 2024
Hi @engcom-November. Thank you for working on this issue.
In order to make sure that the issue has enough information and is ready for development, please read and check the following instruction: 👇
- Add the "Area: XXXXX" label to the ticket, indicating the functional areas it may be related to.
- Verify that the issue is reproducible on the 2.4-develop branch. Details:
  - Add the comment "@magento give me 2.4-develop instance" to deploy a test instance on Magento infrastructure.
  - If the issue is reproducible on the 2.4-develop branch, please add the label "Reproduced on 2.4.x".
  - If the issue is not reproducible, add your comment that the issue is not reproducible, close the issue and stop the verification process here!
- Add the label "Issue: Confirmed" once verification is complete.
engcom-November commented on Jun 12, 2024
Hello @Shivam7-1,
Thank you for the report and collaboration!
It would be better to use innerText instead of innerHTML to prevent cross-site scripting.
Hence confirming this issue.
github-jira-sync-bot commented on Jun 12, 2024
Unfortunately, not enough information was provided to create a Jira ticket. Please make sure you added the following label(s):
- Reproduced on 2.4.x
- ^Area:.*
Once all required labels are present, please add the "Issue: Confirmed" label again.
github-jira-sync-bot commented on Jun 12, 2024
✅ Jira issue https://jira.corp.adobe.com/browse/AC-12118 is successfully created for this GitHub issue.
m2-assistant commented on Jun 12, 2024
✅ Confirmed by @engcom-November. Thank you for verifying the issue.
Issue Available: @engcom-November, you will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.