Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
mjbellomo
New Member

Best way to handle XSS vulnerabilities in custom visuals

‎03-20-2017 07:24 PM

Hey all,

 

I'll jump in here and ask something I've been stuck on for a while.

I've been working on this custom visual to display html formatted paragraphs so that I can pass formatting inline with value data into a custom visual for long text, which is useful for text fields.

 

The gitHub Repo is here:

https://github.com/mjbellomo/pbvizHtmlVisual

 

For simplicity's sake I'd like to be able to be able to set the innerHTML = dataView.Table.Rows.ToString() but I'm concious of the vulnerabilites intruduced by doing so, short of adding in all of the various format options into the format panel individually.

 

Thoughts?

Message 1 of 2
3,105 Views
0
1 REPLY 1
v-viig
Community Champion
Community Champion

‎04-14-2017 04:21 AM

Hello @mjbellomo,

 

Thanks for your feedback.

I think that you can use js-xss to prevent a XSS injection.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Message 2 of 2
3,021 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All