by btipling 4318 days ago
It's best to just not concatenate strings and then dump them into HTML. You can't know it's not an XSS issue unless you know how this ended up in localStorage to begin with. It could be untrusted user content that came from the server. But even if you do know where it came from, just don't do it. It's a bad habit and the day it burns you it might sting.
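An added example, not part of the comment above: the concatenation habit it warns about next to a version that treats the stored value as text. The `fakeLocalStorage` object, the `displayName` key, and the `safeHtml`, `renderConcatenated` and `renderEscaped` helpers are assumptions made for illustration so the code runs outside a browser.

```javascript
// Escape the characters that are significant in HTML text and quoted attribute values.
// (This covers those two contexts only, not script, style or URL contexts.)
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: literal parts pass through, every interpolated value is escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Hypothetical stand-in for window.localStorage (assumption for this example).
const storage = new Map();
const fakeLocalStorage = {
  getItem: (k) => (storage.has(k) ? storage.get(k) : null),
  setItem: (k, v) => storage.set(k, String(v)),
};

// Constructed sample value: a display name that reached storage from server-supplied user content.
fakeLocalStorage.setItem("displayName", '<img src=x onerror="alert(1)">');

// The habit the comment warns about: the stored value becomes markup.
function renderConcatenated(store) {
  return "<p>Hello, " + store.getItem("displayName") + "</p>";
}

// Same output shape, but the stored value can only ever be text.
function renderEscaped(store) {
  return safeHtml`<p>Hello, ${store.getItem("displayName")}</p>`;
}

console.log(renderConcatenated(fakeLocalStorage));
console.log(renderEscaped(fakeLocalStorage));
```

In a browser, creating the element and assigning the value through `textContent` gives the same guarantee without building an HTML string at all.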