Im fixing some security issues that AppScan found on my Angular Application, one of them is the insecure use of “setAttributeNS()” I use this method in my application to inject some namespaces in the correct htmlElemnt
I have reader about the setAttribute() XSS vulnerability and that a workaround for it is directly injecting the code in the attribute name instead of using ‘setAttribute()’, but for setAttributeNS() I haven’t found any workaround to avoid this vulnerability
Example code:
.setAttributeNS("http://www.w3.org/1999/xlink", "href", canvas.toDataURL('image/png')
Any suggestions will be appreciated