|
|
|
|
|
|
by TekMol
1576 days ago
|
|
|
If the state comes from the user, they
can add script tags into the html
How is that different with React?And how is it a problem? A rendering engine would set the html of some element to the html I think? This ... document.body.innerHTML='<script>alert(1)</script>';
...does not execute the script. |
|
|
https://developer.mozilla.org/en-US/docs/Web/API/Element/inn...