Replies: 1 comment 2 replies
-
|
In VanJS's implementation, it doesn't treat input strings as HTML strings. I think this makes VanJS not exposed to XSS attacks. To make your app XSS-proof, don't treat arbitrary user input as an HTML string without sanitization. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
@Tao-VanJS I should've also asked about mXSS. What do you think of that? |
Beta Was this translation helpful? Give feedback.
-
|
VanJS is not using APIs that are vulnerable to XSS or mXSS attacks. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I don't know much about front-end security, but I came across mXSS recently, and I was wondering how such injection-based attacks are dealt with.
Beta Was this translation helpful? Give feedback.
All reactions