cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
mjbellomo
New Member

Best way to handle XSS vulnerabilities in custom visuals

Hey all,

 

I'll jump in here and ask something I've been stuck on for a while.

I've been working on this custom visual to display html formatted paragraphs so that I can pass formatting inline with value data into a custom visual for long text, which is useful for text fields.

 

The gitHub Repo is here:

https://github.com/mjbellomo/pbvizHtmlVisual

 

For simplicity's sake I'd like to be able to be able to set the innerHTML = dataView.Table.Rows.ToString() but I'm concious of the vulnerabilites intruduced by doing so, short of adding in all of the various format options into the format panel individually.

 

Thoughts?

1 REPLY 1
v-viig
Community Champion
Community Champion

Hello @mjbellomo,

 

Thanks for your feedback.

I think that you can use js-xss to prevent a XSS injection.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Helpful resources

Announcements
August 2022 update 768x460.jpg

Check it Out!

Click here to learn more about the August 2022 updates!

August 1 episode 9_no_dates 768x460.jpg

The Power BI Community Show

Watch the playback when Priya Sathy and Charles Webb discuss Datamarts! Kelly also shares Power BI Community updates.

Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

Top Solution Authors