This repository has been archived by the owner on Apr 7, 2024. It is now read-only.
Escape all values in HTML #98
Comments
|
@GHSam you are talking about changing all instances of |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I don't know if you want to but it might be worth having EJS escape all output just as a precaution to avoid any potential XSS issues.
The code looks safe but escaping all output would prevent any issues if some user input did accidentally sneak in. I can create a PR for it if you want to do it.
The text was updated successfully, but these errors were encountered: