Rendering un-sanitised html via @html is a potential xss (cross site scripting) vulnerability if that html is provided by a user. Consider removing support of html toast messages in favour of svelte component toast messages.
Warning! Svelte doesn't perform any sanitization of the expression inside {@html ...} before it gets inserted into the DOM. This isn't an issue if the content is something you trust like an article you wrote yourself. However if it's some untrusted user content, e.g. a comment on an article, then it's critical that you manually escape it, otherwise you risk exposing your users to Cross-Site Scripting (XSS) attacks.
-- https://learn.svelte.dev/tutorial/html-tags
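The difference between the two rendering paths is easy to show outside Svelte. The following is an added example, not code from the issue, the toast library, or the Svelte tutorial: `toastHtmlUnsafe` models what `{@html message}` does with a message today (the string reaches the DOM verbatim), and `toastHtmlSafe` escapes the five HTML-significant characters first, which is the manual escaping the Svelte docs ask for when the content is untrusted. The toast message string is constructed for the example.

```javascript
// Added example (not from the issue or the toast library).
// Characters that change meaning inside HTML and their entity forms.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape a string so it is rendered as literal text rather than parsed as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical unsafe path: equivalent to {@html message} with no escaping.
// Any tag in the message becomes a DOM node.
function toastHtmlUnsafe(message) {
  return `<div class="toast">${message}</div>`;
}

// Hypothetical hardened path: the same wrapper markup, but the untrusted message
// is escaped before it is interpolated, so no user-supplied tag is ever parsed.
function toastHtmlSafe(message) {
  return `<div class="toast">${escapeHtml(message)}</div>`;
}

// Cheap check a test suite can run over rendered toasts: after escaping, the
// only tags present should be the ones the wrapper itself emits.
function tagsIn(html) {
  return (html.match(/<[^>]+>/g) || []).length;
}

// Constructed untrusted input, e.g. a server error string echoed back to a toast.
const untrustedMessage = 'Order #42 saved <script>track()</script>';

const unsafe = toastHtmlUnsafe(untrustedMessage);
const safe = toastHtmlSafe(untrustedMessage);

console.log(unsafe); // wrapper plus the message's own <script> tags
console.log(safe); // wrapper only; the message's tags are literal text
```

The wrapper `<div>` contributes two tags in both cases; the escaped version adds none beyond that, which is the property the issue wants the toast library to guarantee by construction rather than leave to each caller.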