2 Matching Annotations
  1. Dec 2020
  2. github.com
    Rich-Harris/devalue
    1
    1. TylerRick 16 Dec 2020
      in Public
      ${JSON.stringify(state)}
      Tags: interpolating without escaping (using raw unescaped value); avoid doing (bad ideas); security; security: cross-site scripting (XSS) vulnerability

    Tags

    • interpolating without escaping (using raw unescaped value)
    • security
    • avoid doing (bad ideas)
    • security: cross-site scripting (XSS) vulnerability

    Annotators

    • TylerRick

    URL

    github.com/Rich-Harris/devalue
  3. Oct 2020
  4. github.com
    choojs/nanohtml
    1
    1. TylerRick 14 Oct 2020
      in Public
      By default all content inside template strings is escaped. This is great for strings, but not ideal if you want to insert HTML that's been returned from another function (for example: a markdown renderer). Use nanohtml/raw to interpolate HTML directly.
      Tags: escaping (encoding); security: sanitizing input; interpolating without escaping (using raw unescaped value); when to use

    Tags

    • interpolating without escaping (using raw unescaped value)
    • when to use
    • security: sanitizing input
    • escaping (encoding)

    Annotators

    • TylerRick

    URL

    github.com/choojs/nanohtml