Skip to content
This repository has been archived by the owner on Apr 22, 2020. It is now read-only.

XSS risks? #610

Open
rugk opened this issue Feb 26, 2020 · 0 comments
Open

XSS risks? #610

rugk opened this issue Feb 26, 2020 · 0 comments

Comments

@rugk
Copy link

rugk commented Feb 26, 2020

If you use untrusted user-input, escape that to be HTML-escaped and (via DOMPurify etc.) and then run prettify over that code, is this safe?

Or may it introduce an XSS risk as such that you prettify the code after inserting/escaping?
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rugk