Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Don't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.

Reply
mjbellomo
New Member

Best way to handle XSS vulnerabilities in custom visuals

Hey all,

 

I'll jump in here and ask something I've been stuck on for a while.

I've been working on this custom visual to display html formatted paragraphs so that I can pass formatting inline with value data into a custom visual for long text, which is useful for text fields.

 

The gitHub Repo is here:

https://github.com/mjbellomo/pbvizHtmlVisual

 

For simplicity's sake I'd like to be able to be able to set the innerHTML = dataView.Table.Rows.ToString() but I'm concious of the vulnerabilites intruduced by doing so, short of adding in all of the various format options into the format panel individually.

 

Thoughts?

1 REPLY 1
v-viig
Community Champion
Community Champion

Hello @mjbellomo,

 

Thanks for your feedback.

I think that you can use js-xss to prevent a XSS injection.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Jan25PBI_Carousel

Power BI Monthly Update - January 2025

Check out the January 2025 Power BI update to learn about new features in Reporting, Modeling, and Data Connectivity.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

Top Solution Authors
Top Kudoed Authors