Hypothesis

2 Matching Annotations

Dec 2020
github.com github.com

Rich-Harris/devalue

1
1. TylerRick 16 Dec 2020
  
  in Public
  
  ${JSON.stringify(state)}
  
  interpolating without escaping (using raw unescaped value) avoid doing (bad ideas) security security: cross-site scripting (XSS) vulnerability
Visit annotations in context

Tags

security: cross-site scripting (XSS) vulnerability

avoid doing (bad ideas)

security

interpolating without escaping (using raw unescaped value)

Annotators

TylerRick

URL

github.com/Rich-Harris/devalue
Oct 2020
github.com github.com

choojs/nanohtml

1
1. TylerRick 14 Oct 2020
  
  in Public
  
  By default all content inside template strings is escaped. This is great for strings, but not ideal if you want to insert HTML that's been returned from another function (for example: a markdown renderer). Use nanohtml/raw for to interpolate HTML directly.
  
  escaping (encoding) security: sanitizing input interpolating without escaping (using raw unescaped value) when to use
Visit annotations in context

Tags

when to use

security: sanitizing input

escaping (encoding)

interpolating without escaping (using raw unescaped value)

Annotators

TylerRick

URL

github.com/choojs/nanohtml