by jfagnani
356 days ago
This API is definitely secure by default, and that's one of the constraints and requirements I mention in the post. The API is secure because it separates static developer-controlled strings from dynamic and possibly user-controlled values by JavaScript syntax. Values from text bindings are written to the DOM by setting TextNode.data, which escapes the value first.
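A minimal sketch of the separation the comment describes, added here as an illustration and not code from the post or its API. The names `html`, `renderToNodes` and `serialize` are hypothetical, and plain objects stand in for DOM nodes so the block runs outside a browser.

```javascript
// Added illustration; all names are hypothetical and no real DOM is used.

// Tag function: the JavaScript engine passes the static parts (strings)
// and the interpolated values as separate arguments.
function html(strings, ...values) {
  // A real template strings array is frozen and carries a `raw` array.
  // An array parsed from JSON has neither, so data cannot pose as a template.
  if (!Array.isArray(strings) || !Object.isFrozen(strings) || !Array.isArray(strings.raw)) {
    throw new TypeError('html must be used as a template tag');
  }
  return { strings, values };
}

// Only the static strings are treated as markup. Each value becomes a
// text node whose `data` holds the raw string and is never parsed as HTML.
function renderToNodes({ strings, values }) {
  const nodes = [];
  strings.forEach((s, i) => {
    if (s) nodes.push({ kind: 'markup', source: s });
    if (i < values.length) nodes.push({ kind: 'text', data: String(values[i]) });
  });
  return nodes;
}

// Serializing a text node escapes &, < and >, as the DOM does when
// innerHTML is read back.
function serialize(nodes) {
  const esc = (t) => t.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
  return nodes.map((n) => (n.kind === 'text' ? esc(n.data) : n.source)).join('');
}

// Constructed sample value standing in for user-controlled input.
const userInput = '<img src=x onerror=alert(1)>';

function demo() {
  const nodes = renderToNodes(html`<p>Hello ${userInput}!</p>`);
  return { nodes, markup: serialize(nodes) };
}

console.log(demo().markup);
```

The value stays a single text node between two markup nodes, so no element is ever created from it.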