https://github.com/emrd/do-not-use-innertext-directly
- Host: GitHub
- URL: https://github.com/emrd/do-not-use-innertext-directly
- Owner: EmrD
- Created: 2025-01-17T13:51:11.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-01-24T12:35:06.000Z (over 1 year ago)
- Last Synced: 2025-01-25T04:13:37.784Z (over 1 year ago)
- Language: JavaScript
- Size: 49.8 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Do Not Use .innerText Directly
This is a test repository that demonstrates the security issue with using the .innerText property as the source of data for requests to a backend or elsewhere. You can test it in your local environment by cloning this repository.
## Testing The Security Issue
To see the issue, follow these steps:
- Clone this repository to your local environment.
- Run it with ``npm run dev``
- Open DevTools
- Click the button to see the default content
- Edit the div text in the Elements panel
- Click the button again to see the edited text
The security issue is that we may be sending requests built from .innerText, and anyone can change that text for a one-time request.
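The issue described above, next to a server-side check that does not depend on the rendered text, as an added example that is not code from this repository. The price scenario and every name in it (`CATALOG`, `buildOrderFromDom`, `handleOrderTrusting`, `handleOrderValidated`) are assumptions, and a plain object stands in for the div so the block runs in Node without a browser.

```javascript
// Added example; all names and data are hypothetical, not from the repository.

// Server-side source of truth (constructed sample data).
const CATALOG = Object.freeze({ "plan-basic": { priceCents: 1000 } });

// Client side, the pattern the README warns about:
// the request body is built from whatever text is currently in the element.
function buildOrderFromDom(el) {
  return {
    itemId: el.dataset.itemId,
    priceCents: Math.round(parseFloat(el.innerText) * 100),
  };
}

// Backend that trusts the value derived from .innerText.
function handleOrderTrusting(body) {
  return { ok: true, chargedCents: body.priceCents };
}

// Backend that treats every client field as untrusted: it accepts only an
// identifier, validates it, and takes the price from its own data.
function handleOrderValidated(body) {
  const known = typeof body.itemId === "string" &&
    Object.prototype.hasOwnProperty.call(CATALOG, body.itemId);
  if (!known) return { ok: false, error: "unknown item" };
  return { ok: true, chargedCents: CATALOG[body.itemId].priceCents };
}

// Constructed stand-in for <div data-item-id="plan-basic">10.00</div>.
function demo() {
  const div = { dataset: { itemId: "plan-basic" }, innerText: "10.00" };
  const before = handleOrderTrusting(buildOrderFromDom(div));
  div.innerText = "0.01"; // same effect as editing the div text in DevTools
  const afterTrusting = handleOrderTrusting(buildOrderFromDom(div));
  const afterValidated = handleOrderValidated(buildOrderFromDom(div));
  return { before, afterTrusting, afterValidated };
}

console.log(demo());
```

The identifier in `dataset` is just as editable as the text, which is why the validated handler rejects any `itemId` it does not own rather than assuming the attribute is intact.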