rafram 3 days ago
You still should not be building HTML and JS using string interpolation.
hallak 3 days ago
Absolutely! I've removed all references of HTML and JS using string interpolation. (jk) This is definitely a drawback with vibe-coding. I never really write like HTML5 style code - at work I always use typescript with heavy ESLint, so never have to worry about this. I figured the string sanitization in the backend would take care of any XSS vulns, which was my main concern. But I will have to read into the dangers of string interpolation which I admit I do not remember too much about (outside of the XSS stuff I tried to mitigate). Thanks for giving the opportunity to learn... :)
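Added example, not part of the thread and not code from the project being discussed: a sketch of why a backend sanitizer does not make interpolated HTML safe, next to output encoding applied at the point of interpolation. All function names are hypothetical, and `stripTags` is only an assumption about what a backend sanitizer might do.

```javascript
// Assumed backend sanitizer (hypothetical): removes anything shaped like a tag.
function stripTags(s) {
  return String(s).replace(/<[^>]*>/g, "");
}

// Interpolation as criticised in the thread: the value lands inside a quoted
// attribute, where a double quote is significant but was never a "tag".
function renderUnsafe(name) {
  return `<input value="${name}">`;
}

// Output encoding for HTML text and quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Tagged template: literal markup passes through unchanged, every
// interpolated value is escaped, so a call site cannot forget to encode.
function html(strings, ...values) {
  return strings.reduce((out, part, i) => out + escapeHtml(values[i - 1]) + part);
}

function renderSafe(name) {
  return html`<input value="${name}">`;
}

// Data placed in an inline <script> is a different context: HTML entities
// are not decoded there, so serialise as JSON and escape "<" so the HTML
// parser never sees "</script>" or "<!--" inside the data.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/</g, "\\u003c");
}

// Constructed input: contains no tags, so the assumed sanitizer leaves it alone.
const CONSTRUCTED_INPUT = 'x" data-injected="1';

console.log(renderUnsafe(stripTags(CONSTRUCTED_INPUT))); // extra attribute appears
console.log(renderSafe(CONSTRUCTED_INPUT));              // stays inside value="..."
console.log(jsonForScript({ note: "</script>" }));
```

In a browser, building nodes with `document.createElement` and assigning `textContent` avoids constructing markup strings at all.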