        this.template.querySelector('[data-id="output10"').innerHTML = ev.target.value; // CWEID 80
    }

    hgw51(event) {
        console.log("hgw51");
        console.log(event.target.value);
        let els = this.getElementsByTagName("span");
        if(els.item(0)) {
            els.item(0).innerHTML = "WHAT IS THIS " + event.target.value; // CWEID 80
        } else {
            console.log("no spans");
Filename: force-app/main/default/lwc/lwcfiftyone/lwcfiftyone.js
Line: 116
CWE: 117 (Improper Output Neutralization for Logs)
This call to console.log() could result in a log forging attack. Writing untrusted data into a log file allows an attacker to forge log entries or inject malicious content into log files. Corrupted log files can be used to cover an attacker's tracks or as a delivery mechanism for an attack on a log viewing or processing utility. For example, if a web administrator uses a browser-based utility to review logs, a cross-site scripting attack might be possible. Avoid directly embedding user input in log files when possible. Sanitize untrusted data used to construct log entries by using a safe logging mechanism such as the OWASP ESAPI Logger, which will automatically remove unexpected carriage returns and line feeds and can be configured to use HTML entity encoding for non-alphanumeric data. Alternatively, some of the XSS escaping functions from the OWASP Java Encoder project will also sanitize CRLF sequences. Only create a custom blocklist when absolutely necessary. Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE, OWASP, Supported Cleansers
apex-update//testcases/dxvforce2/force-app/main/default/lwc/lwcfiftyone/lwcfiftyone.js
Lines 111 to 121 in b93eb7e