Replies: 1 comment 2 replies
-
|
In VanJS's implementation, it doesn't treat input strings as HTML strings. I think this makes VanJS not exposed to XSS attacks. To make your app XSS-proof, don't treat arbitrary user input as an HTML string without sanitization. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
@Tao-VanJS I should've also asked about mXSS. What do you think of that? |
Beta Was this translation helpful? Give feedback.
-
|
VanJS is not using APIs that are vulnerable to XSS or mXSS attacks. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I don't know much about front-end security, but I came across mXSS recently, and I was wondering how such injection-based attacks are dealt with.
Beta Was this translation helpful? Give feedback.
All reactions