Remediation Steps

Follow the steps below to remediate this finding on Drupal.

  1. Audit custom module JavaScript files for unsafe DOM writes.

  2. Use Drupal.behaviors to attach JS safely.

  3. Pass server-side data to JavaScript via drupalSettings (set in PHP with #attached['drupalSettings']) rather than embedding raw data in HTML.

  4. Sanitise client-side HTML rendering with DOMPurify.
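
Steps 2 to 4 combined in one behavior, as an added example that is not part of the original page or of Drupal itself. The module name `mymodule`, the settings keys and the CSS selectors are hypothetical, and DOMPurify is assumed to be loaded on the page.

```javascript
// Added example, not Drupal core or project code. The module name "mymodule",
// the settings keys and the CSS selectors are hypothetical.
// PHP side (step 3), for reference:
//   $build['#attached']['drupalSettings']['mymodule'] = [
//     'userName' => $name, 'noticeHtml' => $notice_html,
//   ];

// Tags and attributes the notice may contain; DOMPurify drops everything else.
const NOTICE_POLICY = {
  ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'a', 'p'],
  ALLOWED_ATTR: ['href'],
};

function buildBehavior(purify) {
  return {
    attach(context, settings) {
      const cfg = (settings && settings.mymodule) || {};
      // Behaviors re-run after AJAX inserts, so skip elements already handled.
      const pending = context.querySelectorAll('.mymodule-notice:not([data-mymodule-done])');
      Array.from(pending).forEach((el) => {
        el.setAttribute('data-mymodule-done', '');
        const nameEl = el.querySelector('.mymodule-name');
        const bodyEl = el.querySelector('.mymodule-body');
        // Unsafe write this replaces: nameEl.innerHTML = cfg.userName;
        // Plain text goes through textContent, so markup in it is never parsed.
        if (nameEl) nameEl.textContent = String(cfg.userName ?? '');
        // Data that must render as HTML is sanitised first (step 4).
        if (bodyEl) {
          bodyEl.innerHTML = purify.sanitize(String(cfg.noticeHtml ?? ''), NOTICE_POLICY);
        }
      });
    },
  };
}

// In the browser Drupal and DOMPurify are globals; elsewhere nothing is registered.
if (typeof Drupal !== 'undefined' && typeof DOMPurify !== 'undefined') {
  Drupal.behaviors.mymoduleNotice = buildBehavior(DOMPurify);
}
```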