Commit

Mention other popular frameworks' unsafe functions. (#1391)
oliveryasuna authored Apr 23, 2024
1 parent d647705 commit d2e62ac
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md
Expand Up @@ -16,6 +16,8 @@ Fortunately, applications built with modern web frameworks have fewer XSS bugs,
- React’s `dangerouslySetInnerHTML` without sanitising the HTML
- React cannot handle `javascript:` or `data:` URLs without specialized validation
- Angular’s `bypassSecurityTrustAs*` functions
- Lit's `unsafeHTML` function
- Polymer's `inner-h-t-m-l` attribute and `htmlLiteral` function
- Template injection
- Out of date framework plugins or components
- and more
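
Review bot: The two added bullets (Lit's `unsafeHTML`, and Polymer's `inner-h-t-m-l` attribute and `htmlLiteral` function) name the API without saying under what condition it becomes an XSS risk, whereas the React bullet directly above them qualifies its entry with "without sanitising the HTML". Suggest stating the condition in the same way, for example "Lit's `unsafeHTML` function without sanitising the HTML", so the list reads as "unsafe when fed untrusted input" rather than as a blanket prohibition. A smaller style point on the same two lines: they use a straight apostrophe (`Lit's`, `Polymer's`) while the neighbouring bullets use the typographic one (`React’s`, `Angular’s`); the file should use one form consistently.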
