CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Code Security
  • Features
Engineering Productivity
  • DORA Metrics
  • Dev Productivity
Code Quality
  • Features
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Cloud Security
  • AWS
  • GCP
  • Azure
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
      • Angular
      • Aws-cdk
      • Lang
      • Nestjs
      • Nextjs
        • React-nextjs-router-create-element-dangerouslysetinnerhtml
        • React-nextjs-router-create-element-href
        • React-nextjs-router-dangerouslysetinnerhtml
        • React-nextjs-router-href
        • React-nextjs-router-push
        • React-nextjs-router-refs
          • React nextjs router refs
      • React
      • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
React-nextjs-router-refs

React nextjs router refs

react-nextjs-router-refs

Untrusted input could be used to tamper with a web page rendering, which can lead to a Cross-site scripting (XSS) vulnerability. XSS vulnerabilities occur when untrusted input executes malicious JavaScript code, leading to issues such as account compromise and sensitive information leakage. Validate the user input, perform contextual output encoding, or sanitize the input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize the HTML within.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
React nextjs router pushBest practice
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.