[Issue] Update js.phtml DOM text reinterpreted as HTML #38821
Labels
Area: Security
Component: Backend
Issue: Confirmed (Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed)
Issue: ready for confirmation
Priority: P2 (A defect with this priority could have functionality issues which are not to expectations.)
Progress: PR in progress
Reported on 2.4.x (Indicates original Magento version for the Issue report.)
Reproduced on 2.4.x (The issue has been reproduced on latest 2.4-develop branch)
Triage: Dev.Experience (Issue related to Developer Experience and needs help with Triage to Confirm or Reject it)
This issue is automatically created based on existing pull request: #38804: Update js.phtml DOM text reinterpreted as HTML
Description (*)
Using innerText avoids the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than as interpreted HTML.
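The following is an added example written for this page; it is not code from the Magento PR or from js.phtml. It puts the sink the issue is about (innerHTML, which hands untrusted text to the HTML parser) next to the text-only sink the PR switches to, and adds an escaper for the case where a markup fragment genuinely has to be built around untrusted text. Note that innerText and textContent do not "escape" anything: they create a text node, so the string is never parsed as HTML at all. The function names (renderUnsafe, renderSafe, renderLabelled, escapeHtml, compareSinks), the SAMPLE_PAYLOAD string, and the use of a plain object in place of a DOM element when no document exists are all assumptions of this example.

```javascript
// Added example, not code from the Magento PR or from js.phtml.
// Contrasts the sink that reinterprets DOM text as HTML with the text-only
// sink the issue proposes, plus an escaper for when markup must be built.

// Constructed sample payload: harmless as a string, but exactly the kind of
// input that becomes a live <img> with an onerror handler under innerHTML.
const SAMPLE_PAYLOAD = '<img src=x onerror="alert(document.domain)">';

// Vulnerable pattern: the browser parses `untrusted` as HTML, so any tag or
// event-handler attribute inside it becomes part of the live document.
function renderUnsafe(el, untrusted) {
  el.innerHTML = untrusted;
}

// Fixed pattern: textContent (innerText behaves the same for this purpose)
// replaces the element's children with a single text node. Nothing is
// escaped; the string is simply never handed to the HTML parser.
function renderSafe(el, untrusted) {
  el.textContent = untrusted;
}

// When markup is needed around the untrusted part, escape the five
// significant characters before concatenating. This is correct for element
// content and double-quoted attribute values; URLs, inline script and style
// need their own context-specific encoding and must not rely on this.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderLabelled(el, label, untrusted) {
  el.innerHTML = `<strong>${escapeHtml(label)}:</strong> ${escapeHtml(untrusted)}`;
}

// Returns what each approach hands to the browser. A plain object stands in
// for the element so the comparison also runs outside a browser (assumption:
// the property writes are what a real element would receive).
function compareSinks(untrusted) {
  const unsafe = {}, safe = {}, labelled = {};
  renderUnsafe(unsafe, untrusted);
  renderSafe(safe, untrusted);
  renderLabelled(labelled, 'Name', untrusted);
  return {
    parsedAsHtml: unsafe.innerHTML,      // raw markup, parsed by the browser
    insertedAsText: safe.textContent,    // same bytes, but as a text node
    escapedMarkup: labelled.innerHTML,   // "<img" has become "&lt;img"
    escapedStillContainsTag: /<img/i.test(labelled.innerHTML),
  };
}

if (typeof document !== 'undefined') {
  // In a browser: write a real element each way and inspect the result.
  // After renderSafe, el.children is empty; after renderLabelled it holds
  // only the <strong> we wrote, never an <img>.
  const el = document.createElement('div');
  renderSafe(el, SAMPLE_PAYLOAD);
  console.log('child elements after textContent:', el.children.length);
  renderLabelled(el, 'Name', SAMPLE_PAYLOAD);
  console.log('child elements after escaped innerHTML:', el.children.length);
} else {
  console.log(compareSinks(SAMPLE_PAYLOAD));
}
```

In the browser, `renderSafe` leaves `el.children` empty because the whole payload is one text node; `renderLabelled` produces a single `<strong>` and a text node, never an `<img>`. Prefer textContent over innerText when the value is not meant to be user-visible layout text, since innerText forces a style recalculation and is CSS-aware (hidden elements are omitted), which is rarely what a sanitisation fix wants.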