Hacker News
masklinn | 9 days ago | on: Why the Sanitizer API is just `setHTML()`
> Are there any examples where the first approach (sanitize to string and set inner html) is actually dangerous?
The term to look for is “mutation xss” (or mxss).