Skip to content

fix(core): replace innerHTML with textContent in password directive#367

Open
Kaushik-Kumar-CEG wants to merge 1 commit into
PSMRI:mainfrom
Kaushik-Kumar-CEG:fix/password-directive-xss
Open

fix(core): replace innerHTML with textContent in password directive#367
Kaushik-Kumar-CEG wants to merge 1 commit into
PSMRI:mainfrom
Kaushik-Kumar-CEG:fix/password-directive-xss

Conversation

@Kaushik-Kumar-CEG
Copy link
Copy Markdown
Contributor

@Kaushik-Kumar-CEG Kaushik-Kumar-CEG commented May 24, 2026

📋 Description

myPassword.directive.ts uses innerHTML to display plain text feedback ("Strong Password", "Weak Password", etc.). Since these are non-HTML strings, innerHTML is unnecessary and introduces an XSS vector. Replaced with textContent which is safer and functionally identical for plain text.

✅ Type of Change

  • 🐞 Bug fix (non-breaking change which resolves an issue)
  • 🚀 Performance (improves performance)

ℹ️ Additional Information

  • textContent does not invoke the HTML parser, making it marginally faster
  • textContent is immune to XSS by design — it treats all input as text, never as markup
  • No behavior change since all assigned strings are plain text with no HTML tags

@Kaushik-Kumar-CEG
fix(core): replace innerHTML with textContent in password directive
0ae953f 
Using innerHTML to set plain text strings is an unnecessary XSS vector.
Replace with textContent which is safer and functionally equivalent for
non-HTML content.
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 24, 2026

Warning

Review limit reached

@Kaushik-Kumar-CEG, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 9 minutes and 30 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6e7f38fa-fb8b-4e1a-8cc1-49c9339cbd59

📥 Commits

Reviewing files that changed from the base of the PR and between 8c270f9 and 0ae953f.

📒 Files selected for processing (1)
  • src/app/app-modules/core/directives/password/myPassword.directive.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 24, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Kaushik-Kumar-CEG
Copy link
Copy Markdown
Contributor Author

Kaushik-Kumar-CEG commented May 24, 2026

Hi @snehar-nd @drtechie — this replaces innerHTML with textContent in the password directive to eliminate an XSS vector. Related to PSMRI/AMRIT#130 (C4GT DMP 2026).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Kaushik-Kumar-CEG