Data Sanitization
-
Hey JSReport Team,
Just wondering if there is any built-in sanitization that can be used for sanitizing data used for a template that might have malicious HTML or JavaScript, particularly to prevent Server-Side XSS. Or is this something we would need to be sure to implement on our own in the script or Handlebars to prevent it?
Thanks
-
Handlebars escapes tags by default if you use double brackets.
{{value}}
Or you can use a custom sanitization lib of your choice. Here is an example
-
Hi Jsreport Team. I want to disable the default sanitization from jsreport. Is there a way to stop it?
-
What sanitization do you mean? To avoid Handlebars escaping, use triple brackets
{{{prop}}}
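-
The difference between the double and triple brackets discussed in this thread, as an added example that is not part of the original posts or jsreport's own code. It uses a small stand-in renderer rather than the Handlebars library; `render`, `findRawOutputs` and the sample template and data are constructed for illustration.

```javascript
// Stand-in for Handlebars' output rules, written for this example
// (assumption: this is not the Handlebars library, only its escaping behaviour).
// The character set matches what Handlebars escapes for {{ }} output.
const ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"'`=]/g, (ch) => ESCAPES[ch]);
}

// Renders plain {{name}} and {{{name}}} placeholders only (no helpers, blocks or paths).
// Triple brackets emit the value untouched; double brackets HTML-escape it.
function render(template, data) {
  return template.replace(
    /\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g,
    (_, raw, escaped) =>
      raw !== undefined ? String(data[raw] ?? '') : escapeHtml(data[escaped])
  );
}

// Review aid: list every raw (triple-bracket) placeholder in a template so each
// one can be checked against where its data comes from.
function findRawOutputs(template) {
  return [...template.matchAll(/\{\{\{\s*(\w+)\s*\}\}\}/g)].map((m) => m[1]);
}

// Constructed sample: a report template and a record containing markup.
const template = '<h1>{{title}}</h1><div>{{{body}}}</div>';
const data = {
  title: '<script>alert(1)</script>', // untrusted field: rendered escaped, shown as text
  body: '<b>trusted markup</b>',      // rendered as-is, so it must come from a trusted source
};

console.log(render(template, data));
console.log(findRawOutputs(template));
```

Any field listed by `findRawOutputs` bypasses escaping, so it needs a sanitization library or a trusted source before it reaches the template.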