Skip to content

Commit 10b0691

Browse files
tolly-xyzRich-Harris
tolly-xyz
and
Rich-Harris
authored
Replace XSS abbreviation with Cross-Site Scripting and link to OWASP (sveltejs#216)
* Replace XSS abbreviation with Cross-Site Scripting and link to OWASP * Update README.md --------- Co-authored-by: Rich Harris <[email protected]>
1 parent 00631a4 commit 10b0691

File tree

1 file changed

+1
-1
lines changed
  • content/tutorial/01-svelte/01-introduction/06-html-tags

1 file changed

+1
-1
lines changed

content/tutorial/01-svelte/01-introduction/06-html-tags/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,4 @@ In Svelte, you do this with the special `{@html ...}` tag:
1212
<p>{+++@html+++ string}</p>
1313
```
1414

15-
> Svelte doesn't perform any sanitization of the expression inside `{@html ...}` before it gets inserted into the DOM. In other words, if you use this feature it's critical that you manually escape HTML that comes from sources you don't trust, otherwise you risk exposing your users to XSS attacks.
15+
> Svelte doesn't perform any sanitization of the expression inside `{@html ...}` before it gets inserted into the DOM. In other words, if you use this feature it's critical that you manually escape HTML that comes from sources you don't trust, otherwise you risk exposing your users to <a href="https://owasp.org/www-community/attacks/xss/" target="_blank">Cross-Site Scripting</a> (XSS) attacks.

0 commit comments

Comments
 (0)