How to prevent html injection in Ionic application

0
votes

I develop a demo app where user can create a post by providing following inputs(ion-input type=“text”).

While testing some user will type some HTML scripting and the result you can see on attached image.

So my question is how can we prevent this type of inputs in ionic ?enter image description here

2
angularionic-frameworkionic3
Is your "output component" using [innerHtml] ? - Caio Oliveira
Do you mean this, <p [innerHTML]="userPost.longDescription"></p> ? Yes I am using this for displaying text - Rajat.r2

2 Answers

0
votes

What if you displayed the input in the "p" tag like this

<p>{{userPost.longDescription}}</p>
0
votes

Hello I found out work around solution by simply changing the message(Input value).

It's not a proper solution but in my case it is cool alternative.

Solution for disable HTML or any kind of scripting.

-- Simply replace some basic special symbol to white space which is used while writing a script.

 Example: < > ( ) ' " / \ *; = { } ` (back tick) % + ^! -
 const str = `Click <a href='www.google.com'> here</a> to reset your password`;
console.log(str.replace(/[\\#+$~`":;!=*<>{}]/g, ""));

In my case user not using some symbols for describing problem(Message).