Security issue

  1. DOM-based Cross Site Scripting Vulnerability
    Class: Data Validation Severity: Medium Difficulty: Medium
    TARGETS:
    …/dhtmlxGrid/codebase/dhtmlxcommon.js
  • Line 195: Unsafe client output calling this.xmlDoc.setRequestHeader() with tainted arg
  • Line 195: String concatenation with user-controlled value
  • Line 195: String concatenation with user-controlled value
  • Line 195: “navigator.userAgent” is controlled by the user

Can you please have a look and consider replacing line 195 with:
this.xmlDoc.setRequestHeader("User-Agent", "dhtmlxRPC v0.1 ("+encodeURI(navigator.userAgent)+")");

Thank you.