How to protect the application from XSS vectors present in third-party js libs?

I use various third-party libraries like cordova.js, jQuery, jQuery Mobile, mobilizer, etc. in my Android mobile app. These libraries have various XSS vectors through the insecure use of `eval`, `setTimeout`, `innerHTML` / `outerHTML`, etc.

Is there a way in which I could cover / fix these security holes and still use these libraries in my application? Is it safe?

+4
1 answer

These vulnerabilities must be reported to the provider, and you must use their fix.

DOM-based XSS on Android is possible; however, the attack vectors are more limited, because an attacker usually cannot use one of these vulnerabilities with a simple GET or POST request.

0
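Reporting these issues to a library's maintainer starts with knowing where the sinks named in the question (`eval`, `setTimeout`, `innerHTML`, `outerHTML`) actually occur in the bundled copy. The following is an added example, not code from the question or the answer: a line-based heuristic that inventories those sinks in a script. `RULES`, `findSinks` and `SAMPLE` are hypothetical names, and the sample input is constructed.

```javascript
// Added example: inventory the sinks named in the question in a vendored script.
// Heuristic and line-based: it narrows manual review, it does not prove exploitability.
const RULES = [
  { sink: "eval", re: /\beval\s*\(/g, classify: () => "flag" },
  {
    sink: "setTimeout",
    re: /\bsetTimeout\s*\(\s*([^,)]*)/g,
    classify: (m) => {
      const arg = m[1].trim();
      if (/^["'`]/.test(arg)) return "flag"; // string argument is evaluated as code
      // an inline function expression or arrow function is not evaluated from a string
      if (/^(function\b|\(|async\b)/.test(arg) || /=>/.test(arg)) return null;
      return "review"; // identifier or property: may hold a string at runtime
    },
  },
  // assignments only (= and +=); comparisons (==, ===) and reads are ignored
  { sink: "innerHTML", re: /\.innerHTML\s*\+?=(?!=)/g, classify: () => "flag" },
  { sink: "outerHTML", re: /\.outerHTML\s*\+?=(?!=)/g, classify: () => "flag" },
];

function findSinks(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    if (/^\s*(\/\/|\*)/.test(text)) return; // skip comment-only lines
    for (const rule of RULES) {
      for (const m of text.matchAll(rule.re)) {
        const level = rule.classify(m);
        if (level) findings.push({ line: i + 1, sink: rule.sink, level });
      }
    }
  });
  return findings;
}

// Constructed sample, not taken from any real library.
const SAMPLE = [
  "// constructed sample",
  "function render(el, data) {",
  "  el.innerHTML = '<b>' + data.title + '</b>';",
  "  setTimeout(\"refresh('\" + data.id + \"')\", 500);",
  "  setTimeout(function () { el.focus(); }, 10);",
  "  setTimeout(data.callback, 10);",
  "  if (el.innerHTML === '') return eval(data.expr);",
  "}",
].join("\n");

console.log(findSinks(SAMPLE));
```

Entries marked `review` need a manual look at what the argument can contain; the line numbers and sink names can go straight into the report to the library's maintainer.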