this template literal looks like html and has interpolated variables.These variables are not html-encode by default. If the vaiables contain html tags, these may be interpreted by the broser, resulting in cross-site scripting(xss)
this.id =`<img src ="4{'DATA:IMAGE/PNG; BASE64,' + this.innerHtml}" alt =Sign is missing" title="sigin" >`
this giving cross-site scripting can you provide solution