cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
mjbellomo
New Member

Best way to handle XSS vulnerabilities in custom visuals

‎03-20-2017 07:24 PM

Hey all,

 

I'll jump in here and ask something I've been stuck on for a while.

I've been working on this custom visual to display html formatted paragraphs so that I can pass formatting inline with value data into a custom visual for long text, which is useful for text fields.

 

The gitHub Repo is here:

https://github.com/mjbellomo/pbvizHtmlVisual

 

For simplicity's sake I'd like to be able to be able to set the innerHTML = dataView.Table.Rows.ToString() but I'm concious of the vulnerabilites intruduced by doing so, short of adding in all of the various format options into the format panel individually.

 

Thoughts?

Message 1 of 2
1,983 Views
0
1 REPLY 1
v-viig
Community Champion
Community Champion

‎04-14-2017 04:21 AM

Hello @mjbellomo,

 

Thanks for your feedback.

I think that you can use js-xss to prevent a XSS injection.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Message 2 of 2
1,899 Views
0

Helpful resources

Announcements
PBI Sept Update Carousel

Power BI September 2023 Update

Take a look at the September 2023 Power BI update to learn more.

Learn Live

Learn Live: Event Series

Join Microsoft Reactor and learn from developers.

Dashboard in a day with date

Exclusive opportunity for Women!

Join us for a free, hands-on Microsoft workshop led by women trainers for women where you will learn how to build a Dashboard in a Day!

MPPC 2023 PBI Carousel

Power Platform Conference-Power BI and Fabric Sessions

Join us Oct 1 - 6 in Las Vegas for the Microsoft Power Platform Conference.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All