vbezhenar on Oct 7, 2020 | on: DOMPurify bypass: XSS via HTML namespace confusion
AFAIK the Go template library parses HTML and applies appropriate escaping depending on context. I think that most sane HTML template libraries will do at least HTML escaping by default. Dynamic CSS and JS are usually rare, so you can pay extra attention.
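The context-dependent escaping mentioned in the comment above, as an added example that is not part of the original comment: the same value is rendered through Go's `html/template` and `text/template` from one template source. The template text, the sample input and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	htmltpl "html/template"
	"strings"
	texttpl "text/template"
)

// page places the same value in four contexts: HTML text, a URL query
// parameter, a quoted attribute value and a JavaScript expression.
const page = `<p>{{.}}</p>
<a href="/search?q={{.}}" title="{{.}}">link</a>
<script>var q = {{.}};</script>`

// input is a constructed sample value that tries to break out of markup.
const input = `"><script>alert(1)</script>`

// renderContextual uses html/template, which parses the template and picks
// an escaper for each {{.}} according to the context it sits in.
func renderContextual(in string) (string, error) {
	t, err := htmltpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	err = t.Execute(&sb, in)
	return sb.String(), err
}

// renderPlain uses text/template on the same source: the value is written
// out verbatim in every context.
func renderPlain(in string) (string, error) {
	t, err := texttpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	err = t.Execute(&sb, in)
	return sb.String(), err
}

func main() {
	safe, _ := renderContextual(input)
	raw, _ := renderPlain(input)
	fmt.Printf("html/template:\n%s\n\ntext/template:\n%s\n", safe, raw)
}
```

In the `html/template` output the value appears entity-encoded in the paragraph and the `title` attribute, percent-encoded in the query string, and as a quoted string literal with `\u003c` escapes inside the script element.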