by megous
2939 days ago
This is solved by knowing the destination size and using functions that respect that and never assume the size of an input will not be larger (unless the proximity of something that would assure the size of the input is close enough to where you're making the assumption about it in code, but you'd still be taking risks, especially if it's not your code but some foreign library call). It's the same with web programming. You always escape on the output, or just avoid escaping by using the proper API (el.textContent = 'something').
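The destination-size discipline described in the comment above, as an added C example (not code from the comment's author): the copy routine takes the destination size, never assumes the input fits, and reports truncation so the caller can react instead of overflowing. The function names and the sample inputs are constructed for this example.

```c
/* Added example: a bounded copy that respects the destination size and
 * reports truncation instead of assuming the input will fit. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst (dst_size bytes, including the terminating NUL).
 * Returns the full length of src, so the caller detects truncation with
 * (ret >= dst_size), the same convention snprintf uses. Never writes
 * more than dst_size bytes. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst_size == 0)
        return n;                       /* no room to write anything */
    size_t to_copy = n < dst_size - 1 ? n : dst_size - 1;
    memcpy(dst, src, to_copy);
    dst[to_copy] = '\0';                /* always NUL-terminated */
    return n;
}

/* Convenience wrapper: 1 when the whole input fit, 0 when it was cut off. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    return bounded_copy(dst, dst_size, src) < dst_size;
}

int main(void) {
    char buf[8];                        /* destination size is known here */
    /* Constructed inputs: one fits, one is larger than the buffer. */
    const char *fits = "short";
    const char *too_big = "this input is longer than eight bytes";

    printf("fit=%d dst=\"%s\"\n", copy_checked(buf, sizeof buf, fits), buf);
    printf("fit=%d dst=\"%s\"\n", copy_checked(buf, sizeof buf, too_big), buf);
    return 0;
}
```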