|
|
|
|
|
|
by undo76
3798 days ago
|
|
|
Stupid me. I missread the code and did a proof of concept in jsbin just adding "</script><script>alert('XSS');</script><script>" as a hobby. Now I realise that I added it in the HTML view so I was just closing the original <script> tag. So, no XSS issues, AFAIK. I am updating my original response to reflect this. Nevertheless, using a framework like React protects you automatically from accidentally adding XSS vulnerabilities. |
|
|