Hypothesis

2 Matching Annotations

Dec 2020
github.com github.com

Rich-Harris/devalue

1
1. TylerRick 16 Dec 2020
  
  in Public
  
  ${JSON.stringify(state)}
  
  interpolating without escaping (using raw unescaped value) avoid doing (bad ideas) security security: cross-site scripting (XSS) vulnerability
Visit annotations in context

Tags

security

avoid doing (bad ideas)

interpolating without escaping (using raw unescaped value)

security: cross-site scripting (XSS) vulnerability

Annotators

TylerRick

URL

github.com/Rich-Harris/devalue
Oct 2020
github.com github.com

choojs/nanohtml

1
1. TylerRick 14 Oct 2020
  
  in Public
  
  By default all content inside template strings is escaped. This is great for strings, but not ideal if you want to insert HTML that's been returned from another function (for example: a markdown renderer). Use nanohtml/raw for to interpolate HTML directly.
  
  escaping (encoding) security: sanitizing input interpolating without escaping (using raw unescaped value) when to use
Visit annotations in context

Tags

interpolating without escaping (using raw unescaped value)

security: sanitizing input

when to use

escaping (encoding)

Annotators

TylerRick

URL

github.com/choojs/nanohtml