mjbellomo
New Member

Best way to handle XSS vulnerabilities in custom visuals

Hey all,

 

I'll jump in here and ask something I've been stuck on for a while.

I've been working on this custom visual to display HTML-formatted paragraphs so that I can pass formatting inline with value data into a custom visual for long text, which is useful for text fields.

 

The GitHub repo is here:

https://github.com/mjbellomo/pbvizHtmlVisual

 

For simplicity's sake I'd like to be able to set the innerHTML = dataView.Table.Rows.ToString() but I'm conscious of the vulnerabilities introduced by doing so, short of adding in all of the various format options into the format panel individually.

 

Thoughts?

v-viig
Community Champion

Hello @mjbellomo,

 

Thanks for your feedback.

I think that you can use js-xss to prevent an XSS injection.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com
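
Added example, not part of the original thread and not code from js-xss or the linked repository: a dependency-free sketch of the allowlist idea behind the suggestion above. It escapes every cell value first and then re-enables only a fixed set of attribute-free formatting tags, so nothing that reaches innerHTML can carry a script, event handler or URL. The names `ALLOWED_TAGS`, `renderCellHtml` and `renderRows` are hypothetical, and the input is assumed to be an array of rows of primitive values, as in the visual's table data view.

```javascript
// Added example (hypothetical names). Technique: escape everything, then
// restore only exact, attribute-free tags from a small allowlist.
const ALLOWED_TAGS = ["b", "i", "u", "em", "strong", "p", "br", "ul", "ol", "li"];

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Neutralise every character that can start markup, an entity or an attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Matches an *escaped* opening/closing tag from the allowlist with no attributes.
// A tag carrying anything after its name (onclick=, style=, href=) does not match.
const SAFE_TAG = new RegExp("&lt;(/?)(" + ALLOWED_TAGS.join("|") + ")\\s*/?&gt;", "gi");

// Returns HTML that contains only allowlisted tags; everything else is shown as text.
function renderCellHtml(value) {
  if (value === null || value === undefined) return "";
  return escapeHtml(value).replace(
    SAFE_TAG,
    (_match, close, tag) => "<" + close + tag.toLowerCase() + ">"
  );
}

// Assumption: rows is an array of arrays of primitive cell values.
// Each row becomes one block; the result is what gets assigned to innerHTML.
function renderRows(rows) {
  return rows
    .map((row) => "<div>" + row.map((cell) => renderCellHtml(cell)).join(" ") + "</div>")
    .join("");
}

// Constructed sample data, including values a report author does not control.
const SAMPLE_ROWS = [
  ["<b>Q3</b> revenue <i>up</i><br/>"],
  ["<img src=x onerror=alert(1)>"],
  ['<b onclick="x()">hi</b>'],
];

// In the visual's update(): target.innerHTML = renderRows(rows);
console.log(renderRows(SAMPLE_ROWS));
```

Because allowed tags are matched without attributes, links and inline styles are rendered as plain text; supporting them needs attribute-level filtering, which is the job a maintained sanitizer such as js-xss is meant to do.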
