Thanks for all of your great solutions in the past!
Just an FYI that this solution gives a Medium severity vulnerability according to our Checkmarx report.
"The method toggle embeds untrusted data in generated output with $. This
untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject
malicious code into the generated web-page."
Method function toggle(ele){
....
$("label[for="+$(ele).prop('name')+"]", formEl).css('visibility','hidden')
I think the solution for me is to probably hardcode the field label names but I haven't gotten all of the way through it yet. Would make it substantially less dynamic but would remove the potential vulnerability.
Just dropping a line in this years-old thread!
Maybe you know how to overcome this?
That’s not my code.
(It’s also probably a spurious warning based on the context, there’s absolutely no untrusted output generated there.)
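One way to build the selector flagged in the report so that the field name is always parsed as a single literal value. This is an added example, not code from the thread or its participants; `cssString`, `attrEquals`, `readCssString` and the sample field names are hypothetical.

```javascript
// Added example. cssString, attrEquals and readCssString are hypothetical helpers.

// Serialize a value as a double-quoted CSS string so a selector parser reads
// it as one literal: escape \ and ", hex-escape control characters.
function cssString(value) {
  const body = String(value).replace(/[\\"\u0000-\u001f\u007f]/g, (ch) =>
    ch === "\\" || ch === '"'
      ? "\\" + ch
      : "\\" + ch.charCodeAt(0).toString(16) + " "
  );
  return '"' + body + '"';
}

// Build tag[attr="value"]. tag and attr must be plain identifiers chosen by
// the developer; only the value is treated as data.
function attrEquals(tag, attr, value) {
  const ident = /^[A-Za-z][A-Za-z0-9_-]*$/;
  if (!ident.test(tag) || !ident.test(attr)) {
    throw new TypeError("tag and attr must be plain identifiers");
  }
  return tag + "[" + attr + "=" + cssString(value) + "]";
}

// Decode a string produced by cssString(), to check that the value survives
// a round trip unchanged (simplified CSS unescaping, enough for this check).
function readCssString(quoted) {
  return quoted
    .slice(1, -1)
    .replace(/\\([0-9a-f]{1,6}) ?|\\([\s\S])/gi, (m, hex, ch) =>
      hex ? String.fromCodePoint(parseInt(hex, 16)) : ch
    );
}

// Constructed field names: an ordinary one, one with brackets, one with a
// quote and a backslash. Unquoted concatenation only handles the first.
const samples = ["Email", "items[0]", 'a"b\\c'];
const selectors = samples.map((name) => attrEquals("label", "for", name));

// With jQuery on the page the call from the report would become:
//   $(attrEquals("label", "for", $(ele).prop("name")), formEl)
```

In a browser the same quoting is available as `CSS.escape()` or, from jQuery 3.0, `$.escapeSelector()`.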
@SanfordWhiteman
Stumbled across this resolution and it worked perfectly for me! Thanks so much!
Quick question:
Your snippet works as intended for me, but is there a way to add it so the label action also occurs when the input field is in focus?
That functionality could be added, but it's unlikely I'll get to it anytime soon.