XSS vulnerability?

bartez234 · March 18, 2016, 10:15am

Hello I have this annoying issue with input fields in Ionic (or maybe Angular in general). If I insert anything like this:

<img src='doesnotexist.jpg' onerror='alert(4)' />

in an input field. It is actually evaluated and an alert is shown. It can then be saved and other users will also be presented with this alert.

Is there any way to prevent this? Thanks!

mladen5 · March 18, 2016, 11:13am

You need to provide more details but if it can be saved somewhere then its a serious issue, if not then i think its probably fine. User can’t share URL to your app with XSS in query like in websites. You can use Content Security Policy (CSP) to prevent XSS.

Topic		Replies	Views
Using Ionic Angular with strict CSP settings Ionic Angular	0	731	August 1, 2022
Content-security-policy refused to load image ionic-v1	5	15421	November 23, 2016
HTML Injection in ion-input Ionic Angular	3	902	October 29, 2020
Ionic 2 Angular 2 HTTP Post Base64 Image to Server results in sanitizing unsafe URL before sending ionic-v3	2	5055	December 29, 2016
Unsafe prepended on base64 image url, trying to use domsanitizer, but not working ionic-v3	2	2780	April 10, 2017

XSS vulnerability?

Related topics