this post was submitted on 10 Jul 2023
109 points (99.1% liked)
Pretend that all HTML needs to be escaped and only disable it on a case-by-case basis.
And use the Content-Security-Policy header to limit where scripts can load from, just in case you miss escaping HTML somewhere.
They did, but then they turned those protections off, lol
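
The two layers discussed in this thread, as an added example that is not part of the thread or any participant's code: a template helper that escapes every interpolated value unless it is explicitly marked raw, and a Content-Security-Policy builder that refuses sources which would turn script restrictions back off. All function names, the sample comment and the `https://cdn.example` origin are assumptions made for illustration.

```javascript
// Added example. All names (escapeHtml, raw, html, renderComment, buildCsp) are hypothetical.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// The case-by-case opt-out: only values wrapped with raw() skip escaping,
// so every exemption is explicit and easy to grep for in review.
class RawHtml {
  constructor(markup) { this.markup = String(markup); }
}
const raw = (markup) => new RawHtml(markup);

// Tagged template: every interpolated value is escaped unless it is RawHtml.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    out += value instanceof RawHtml ? value.markup : escapeHtml(value);
    out += strings[i + 1];
  });
  return new RawHtml(out); // already escaped, so it can be nested safely
}

function renderComment(author, body) {
  return html`<article><h4>${author}</h4><p>${body}</p></article>`.markup;
}

// Second layer: a CSP that only allows scripts from listed origins.
// Sources that would switch the protection back off are rejected.
const FORBIDDEN = new Set(["*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"]);

function buildCsp(scriptOrigins = []) {
  for (const origin of scriptOrigins) {
    if (FORBIDDEN.has(origin)) throw new Error(`refusing script source ${origin}`);
  }
  const directives = [
    ["default-src", ["'self'"]],
    ["script-src", ["'self'", ...scriptOrigins]],
    ["object-src", ["'none'"]],
    ["base-uri", ["'none'"]],
  ];
  return directives.map(([name, sources]) => `${name} ${sources.join(" ")}`).join("; ");
}

// Constructed sample input: a comment body carrying markup.
console.log(renderComment("alice", "<img src=x onerror=alert(1)>"));
console.log("Content-Security-Policy:", buildCsp(["https://cdn.example"]));
```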