Remediation Steps

Follow the steps below to remediate this finding on WordPress.

  1. Audit custom JavaScript files in your theme and plugins for unsafe DOM writes.

  2. Use wp_localize_script() to safely pass server-side data to scripts instead of embedding raw data in HTML.

  3. Escape values with JavaScript's encodeURIComponent() before placing them in URLs.

  4. Use DOMPurify for any client-side HTML rendering.
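The four steps put together on the client side, as an added example that is not code from the original page: it assumes the theme script was enqueued and given its data with `wp_localize_script( 'my-theme-js', 'myThemeData', array( ... ) )`, so that WordPress prints `var myThemeData = {...}` before the script runs; the object name `myThemeData`, its keys and the element id `author-link` are illustrative assumptions, and untrusted values are written as text, URL parts are passed through `encodeURIComponent()`, and markup only reaches `innerHTML` after DOMPurify has sanitized it.

```javascript
// Added example (not the page's or WordPress's own code). `myThemeData` is the object
// wp_localize_script() is assumed to have printed; the fallback below is a constructed
// object so the helpers also run outside WordPress (e.g. under Node for testing).
const localized = (typeof myThemeData !== 'undefined') ? myThemeData : {
  profileBase: 'https://example.com/author/', // constructed sample value
  userName: 'Ada <Lovelace>',                 // constructed; contains markup characters
};

// Step 3: build a URL from untrusted parts, encoding the path segment and every
// query key and value individually rather than concatenating raw strings.
function buildProfileUrl(base, segment, query) {
  const path = encodeURIComponent(segment);
  const params = Object.entries(query || {})
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(String(v))}`)
    .join('&');
  return params ? `${base}${path}?${params}` : `${base}${path}`;
}

// Step 1: write untrusted strings as text. textContent never parses its input as HTML,
// so markup characters in the value are displayed literally.
function renderText(el, value) {
  el.textContent = String(value);
  return el;
}

// Step 4: when markup is genuinely required, sanitize it before the DOM write.
// `sanitizer` defaults to the global DOMPurify; the function refuses to write raw
// HTML when no sanitizer is available instead of silently falling back to innerHTML.
function renderHtml(el, html, sanitizer) {
  const purifier = sanitizer || (typeof DOMPurify !== 'undefined' ? DOMPurify : null);
  if (!purifier) {
    throw new Error('DOMPurify not loaded; refusing to write raw HTML');
  }
  el.innerHTML = purifier.sanitize(html);
  return el;
}

// Browser wiring (skipped outside a DOM): fill an assumed #author-link element
// using only the safe helpers above.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    const link = document.getElementById('author-link');
    if (link) {
      link.href = buildProfileUrl(localized.profileBase, localized.userName, { tab: 'posts' });
      renderText(link, localized.userName);
    }
  });
}
```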