In a front-end application using jQuery, I have some oversimplified code like this (including line numbers):
...
129: var buttonId = $('some-element').closest('...').siblings('...').attr('id');
130: $('#' + buttonId).focus();
...
In checkmarx I get this error:
The application's {method_name} uses $ at {file_name} line 130 to embed untrusted data into the generated output. This untrusted data is embedded directly into the output without proper sanitization or encoding, allowing attackers to inject malicious code into the output.
So - what should I do here? ...since the ID attribute is just an ID, you know...so I don't know what sanitization or encoding should be performed on it.
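An added example, not code from the question or from any answer, showing the two fixes a reviewer would normally accept for this class of finding: look the element up by id without building a selector string at all, and, where a selector string is unavoidable, allow-list the id first. jQuery treats a string that begins with `#` as a selector rather than HTML, so the realistic failure mode here is a selector that throws or matches the wrong element, but the finding is easiest to close by never letting untrusted text reach the selector parser. The functions `validateId`, `focusById`, `idSelector` and `makeFakeDocument`, the `doc` parameter (a stand-in for `document` so the code runs in Node) and the sample ids are all my own assumptions.

```javascript
// Added example (not from the question or the answer): use an id read from the
// DOM without passing untrusted text through the jQuery selector parser.
// `doc` is injected so the lookup can run in Node against a fake `document`.

// Conservative allow-list for HTML ids: a letter first, then letters, digits,
// hyphen or underscore. Spaces, quotes, brackets etc. are rejected outright.
const SAFE_ID = /^[A-Za-z][A-Za-z0-9_-]*$/;

// Validate the id before it is used anywhere. Returns the id or null.
// Note that .attr('id') yields undefined when nothing matched, which the
// original code would silently turn into the selector '#undefined'.
function validateId(id) {
  if (typeof id !== 'string' || !SAFE_ID.test(id)) {
    return null;
  }
  return id;
}

// Preferred fix: getElementById does no selector parsing, so no character in
// the id can change the meaning of the lookup. Fails closed on a bad id.
function focusById(doc, rawId) {
  const id = validateId(rawId);
  if (id === null) {
    return false;                  // nothing is focused, nothing is parsed
  }
  const el = doc.getElementById(id);
  if (!el) {
    return false;
  }
  el.focus();
  return true;
}

// Fallback when a selector string is genuinely needed: build it only from a
// validated id, so '$(idSelector(x))' never sees selector metacharacters.
function idSelector(rawId) {
  const id = validateId(rawId);
  return id === null ? null : '#' + id;
}

// Constructed stand-in for `document` holding one focusable element; it
// records which ids received focus so the behaviour can be checked.
function makeFakeDocument(existingId) {
  const focused = [];
  return {
    focused,
    getElementById(id) {
      return id === existingId ? { focus() { focused.push(id); } } : null;
    },
  };
}

// Usage against the fake document (in a browser, pass `document` instead):
const demoDoc = makeFakeDocument('save-btn');
focusById(demoDoc, 'save-btn');        // focuses the element
focusById(demoDoc, 'not a valid id');  // rejected before any lookup
```

If ids with arbitrary characters must be supported, browsers also provide `CSS.escape()` and jQuery 3 provides `jQuery.escapeSelector()` for escaping the value before concatenation; the allow-list above is the simpler option when the application controls its own id scheme. Either way, the scanner's taint path from `.attr('id')` into `$()` is broken by a validation step it can see.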
I just encountered a similar problem.
Try to replace:
and:
Somehow, for this case, the scanner doesn't know that the variable $ is the same as the jQuery variable. Try it ;o)