by blablabla123 3296 days ago
Not just pretty good; I mean, to show code unescaped you need to write `dangerouslySetInnerHTML`.

I think it's a common misconception; heavy-weight software usually does pretty well with common problems. Think of frameworks like Rails, which make input validation easy, make writing manual SQL almost obsolete (SQL injection), and even handle CSRF protection mostly transparently.
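As an added illustration of the escape-by-default point in the comment above (my own example, not React's source and not code from the commenter): a minimal renderer that models the relevant React behaviour. Text children and attribute values are always HTML-escaped, and raw markup reaches the output only through the explicit `dangerouslySetInnerHTML` prop, which is exactly what makes that unsafe path easy to grep for in code review.

```javascript
// Added example: a tiny model of React's escape-by-default rendering.
// This is NOT React; it mirrors only the behaviour under discussion.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Build an element node, in the shape of React.createElement(type, props, ...children).
function h(type, props, ...children) {
  return { type, props: props || {}, children };
}

// Render a node tree to static markup. Strings and numbers are escaped
// unconditionally; raw markup is emitted only via dangerouslySetInnerHTML.
function renderToStaticMarkup(node) {
  if (typeof node === 'string' || typeof node === 'number') return escapeHtml(node);
  const { dangerouslySetInnerHTML, ...attrs } = node.props;
  const attrText = Object.entries(attrs)
    .map(([k, v]) => ` ${k}="${escapeHtml(v)}"`)
    .join('');
  let inner;
  if (dangerouslySetInnerHTML !== undefined) {
    // Like React, refuse to combine children with raw HTML.
    if (node.children.length > 0) {
      throw new Error('children and dangerouslySetInnerHTML are mutually exclusive');
    }
    inner = String(dangerouslySetInnerHTML.__html); // emitted verbatim: the explicit opt-in
  } else {
    inner = node.children.map(renderToStaticMarkup).join('');
  }
  return `<${node.type}${attrText}>${inner}</${node.type}>`;
}

// Constructed sample "user input" that contains markup characters.
const untrusted = '<b>Hi</b> & "bye"';

// Default path: the markup characters become entities and render as text.
const safe = renderToStaticMarkup(h('p', { title: untrusted }, untrusted));
// Opt-in path: the same string is placed into the document as live markup.
const unsafe = renderToStaticMarkup(h('p', { dangerouslySetInnerHTML: { __html: untrusted } }));

console.log(safe);
console.log(unsafe);
```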