Y
Hacker News
new
|
ask
|
show
|
jobs
by
localvoid
2827 days ago
I hope you are aware about this attack vector[1] that was fixed in React long time ago.
1.
http://danlec.com/blog/xss-via-a-spoofed-react-element
1 comments
toxmeister
2827 days ago
Thanks & I wasn't (aware of it). hdom doesn't use `.innerHTML` anywhere, though. So I'd dare to say less dangerous... though not saying it's out of danger!
link