by merb 3137 days ago
is still only an issue if you pass untrusted data to your js code.
2 comments

And there is a pretty good chance of that happening in most JS projects.

Anywhere you take or show input from the user (an input box, a URL query, displaying data stored by some other system on the DB, etc...) could be a vector for an XSS attack.

And it's not just data passed to JS, but data passed to HTML or any data that could make its way into CSS in many cases!
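The point in the comment above, that the same untrusted value can land in HTML, JS or CSS, shown as an added example that is not part of the original thread: each output context needs its own handling. All function names and the sample record are hypothetical and constructed for illustration.

```javascript
// Added example: every function name below is a hypothetical helper.

// HTML text / quoted-attribute context: encode the five characters that
// can open a tag, start an entity, or close a quoted attribute.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Inline <script> data context: JSON.stringify yields a valid JS literal,
// but the HTML parser still sees "</script>", so escape <, >, & and the
// two line separators as \uXXXX sequences.
function encodeJsValue(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// CSS context: encoding is fragile here, so accept only values matching a
// strict allow-list (hex colours) and fall back otherwise.
function safeCssColor(value, fallback = 'inherit') {
  return /^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/.test(String(value)) ? String(value) : fallback;
}

// One untrusted record rendered into all three contexts.
function renderProfile(user) {
  return [
    `<p style="color: ${safeCssColor(user.color)}">${encodeHtml(user.name)}</p>`,
    `<script>const profile = ${encodeJsValue({ name: user.name, bio: user.bio })};</script>`,
  ].join('\n');
}

// Constructed sample input, standing in for data read from a form or DB.
const untrusted = {
  name: '"><b>not bold</b>',
  color: 'red; background: url(//example.invalid/x)',
  bio: '</script><i>still data</i>',
};

console.log(renderProfile(untrusted));
```

In browser code, assigning to `textContent` or using a templating layer that encodes by default covers the HTML case; the JS and CSS contexts still need the separate handling shown here.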

Turns out that most of the time, untrusted user-supplied data slips through JS code https://www.owasp.org/index.php/Top_10_2017-Top_10