flex's profile @flex

so basically, i’m making my own tiny frontend for fun and learning nuxt stuff, and posts are plain html, but the wasteof api makes it xss proof so thats cool :)

flex's profile @flex

<script>alert(1)</script>

(ignore this)

Mar 7, 2024, 4:37 AM
7 2 0
Mar 7, 2024, 2:28 PM
6 0 8

comments (single view)

View parent
lily's profile @lily Mar 7, 2024, 3:16 PM

dompurify

radi8's profile @radi8 Mar 7, 2024, 3:22 PM

the backend does that? I thought that was just the frontend.

lily's profile @lily Mar 7, 2024, 3:36 PM

both do

if it didn’t, we’d’ve had both of the following:

  1. xss attack

  2. funny cohost esque css crimes

flex's profile @flex Mar 7, 2024, 3:45 PM

afaik the frontend may just use v-html

since the backend does the purifying afaik

View all comments