XSS and configuration
Hello,
Is there a way to specify the render configuration (https://datatables.net/manual/security#Cross-Site-Scripting) to avoid XSS attacks if we are using https://datatables.net/manual/options#HTML-5-data-attributes? It seems not, but in case you have a solution, I'll give it a try!
Thank you,
Alban
This discussion has been closed.
Answers
The columns.render needs to execute as a function, and that can't be done with a string from HTML5 attributes - so currently no - you need to use JavaScript to use a renderer like this.
However, if you are using the HTML5 options, are you not putting the data into the HTML yourself? In which case you'd need to do the HTML escaping yourself anyway.
Allan
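An added example (not part of the thread and not DataTables' own code) of the two points in the answer above: a columns.render function supplied from JavaScript, and escaping done by hand when the table HTML, including a data-order attribute, is generated yourself. The names escapeHtml, renderText, tableOptions and buildRow, the column keys and the '#example' selector are assumptions.

```javascript
// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// columns.render as a function: DataTables calls it with (data, type, row).
// Only the 'display' value is escaped here; 'sort', 'filter' and 'type'
// requests get the raw value back.
function renderText(data, type) {
  return type === 'display' ? escapeHtml(data) : data;
}

// The renderer has to be attached in JavaScript, because an HTML5 data-*
// attribute can only carry a string, not a function.
const tableOptions = {
  columns: [
    { data: 'name', render: renderText },     // hypothetical column keys
    { data: 'comment', render: renderText },
  ],
};
// In the browser: new DataTable('#example', tableOptions);

// When you write the rows into the HTML yourself, no renderer runs on them:
// both the cell text and any data-* attribute value must be escaped by you.
function buildRow(cells) {
  const tds = cells.map((cell) => {
    const attr = cell.order === undefined
      ? ''
      : ` data-order="${escapeHtml(cell.order)}"`;
    return `<td${attr}>${escapeHtml(cell.text)}</td>`;
  });
  return `<tr>${tds.join('')}</tr>`;
}

// Constructed sample input standing in for untrusted user data.
const untrusted = '<script>alert(1)</script>';
console.log(renderText(untrusted, 'display'));
console.log(buildRow([{ text: untrusted, order: '"1"' }, { text: 'plain' }]));
```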