
Security: XSS Vulnerability - Unescaped innerHTML Usage #83

@AlexJSully


Issue Description

Multiple instances of dynamic content are being inserted via innerHTML without proper sanitization. This creates potential XSS vulnerabilities if article data or error messages contain malicious scripts.

Risk Level

HIGH/CRITICAL

Affected Files

  • src/scripts/index.js

Details

Problem Locations

  1. Line 66: Error message display with user-controlled content

     document.getElementById("articleBody").innerHTML = ArticleFiller.article;

  2. Line 263: Article markdown conversion output

     document.getElementById("articleBody").innerHTML = ArticleFiller.article;

  3. Lines 370, 398, 400, 420, 450, 470, 537: Archive and carousel display with dynamic content

Example Vulnerability

If an article title contains <script>alert('xss')</script>, it would execute directly in the browser.

Expected Behavior

All dynamic content should be properly escaped or sanitized before being inserted into the DOM.

Solution Approach

  1. Create a sanitization utility function to escape HTML entities
  2. Replace all innerHTML assignments with textContent or escaped HTML content
  3. Consider using a library like DOMPurify for complex HTML cases
  4. Add unit tests to verify sanitization
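An added example of steps 1, 2 and 4 above (not code from this repository): an HTML-entity escaping utility, a textContent-based setter for plain text, and an escaped template for the article cards. The names escapeHtml, setText and renderArticleCard, and the shape of the article object, are assumptions.

```javascript
// Map of the five characters that can break out of an HTML text or
// attribute context. Everything else is safe to leave as-is.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Step 1: escape HTML entities. Single-pass replace, so "&" is never
// double-escaped and the output is inert when assigned to innerHTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Step 2 (preferred for plain text such as error messages): textContent
// never parses markup, so no escaping is needed at all.
function setText(element, value) {
  element.textContent = String(value);
  return element;
}

// Step 2 (for the archive/carousel cards that genuinely need markup):
// keep the markup static and interpolate only escaped data. Markdown
// output that must keep arbitrary HTML is the DOMPurify case (step 3).
function renderArticleCard(article) {
  return (
    `<article><h2>${escapeHtml(article.title)}</h2>` +
    `<p>${escapeHtml(article.summary)}</p></article>`
  );
}

// Constructed sample using the payload quoted in the issue.
const sampleArticle = {
  title: "<script>alert('xss')</script>",
  summary: 'Tom & Jerry say "hi"',
};

if (typeof module !== "undefined") {
  module.exports = { escapeHtml, setText, renderArticleCard, sampleArticle };
}
```

In the browser, `document.getElementById("articleBody").innerHTML = renderArticleCard(sampleArticle)` renders the script tag as visible text instead of markup.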

Labels

security, bug, critical
