international-child-art-foundation / arts-olympiad

ICAF Paris 2024 Arts Olympiad website
Apache License 2.0
0 stars 10 forks

All user-generated content displayed to other users will need to be sanitized to prevent vulnerabilities like XSS #172

Open 31Hemlock opened 4 months ago

31Hemlock commented 4 months ago

A library like dompurify (https://www.npmjs.com/package/dompurify) will need to be used on the Gallery and Dashboard pages to ensure all content is properly sanitized and not susceptible to executing user-submitted JavaScript code.

haydenlinder commented 4 months ago

@31Hemlock React is relatively safe from this by default. Here are a few cases to consider:

https://stackoverflow.com/questions/33644499/what-does-it-mean-when-they-say-react-is-xss-protected
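A worked illustration of the two positions in this thread, added here as an example and not code from the arts-olympiad repository or from either commenter. DOMPurify is not used because it needs a DOM to run; the helpers below (escapeHtml, safeHref, renderArtworkCard, and the sampleArtwork input are all assumed names and constructed values) show what React's default escaping covers (text children) and one case it does not (a user-supplied href, which contains none of the escaped characters yet still executes when its scheme is javascript:). The same allowlist check applies whether the card is built as a string or as a JSX element.

```javascript
// Added example (not code from the arts-olympiad repo). It mirrors the two
// points in the thread: React escapes text children by default, which is why
// user-supplied strings rendered as {text} cannot execute, but that escaping
// covers neither URL attribute values such as href nor dangerouslySetInnerHTML.
// Helper names below are assumptions for this illustration.

// Escape the five characters that matter in an HTML text or attribute context.
// This is what React's JSX text rendering does for you automatically.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Escaping is not enough for URL attributes: a "javascript:" value contains
// none of the escaped characters and still runs when clicked. Allow only
// http(s) absolute URLs and relative paths; anything else becomes "#".
function safeHref(url) {
  const value = String(url).trim();
  let parsed;
  try {
    // The base URL lets relative paths such as "/gallery/42" parse; it is a
    // placeholder and never appears in the output.
    parsed = new URL(value, "https://example.invalid/");
  } catch {
    return "#";
  }
  if (parsed.protocol === "http:" || parsed.protocol === "https:") {
    return value;
  }
  return "#";
}

// Build the markup for a gallery card from user-supplied fields. A React
// component would get the text escaping from JSX for free but would still
// need safeHref for the link attribute.
function renderArtworkCard(artwork) {
  return (
    `<div class="card">` +
    `<h3>${escapeHtml(artwork.title)}</h3>` +
    `<p>${escapeHtml(artwork.description)}</p>` +
    `<a href="${escapeHtml(safeHref(artwork.link))}">artist site</a>` +
    `</div>`
  );
}

// Constructed sample input standing in for a hostile gallery submission.
const sampleArtwork = {
  title: "<img src=x onerror=alert(1)>",
  description: 'Hello "world"',
  link: "javascript:alert(1)",
};

// Run stand-alone: prints the neutralised card markup.
console.log(renderArtworkCard(sampleArtwork));
```

The title survives only as escaped text (the browser shows the literal characters and creates no element), and the link collapses to "#" because its scheme is not in the allowlist. Where a page needs to render user-supplied rich HTML rather than plain text, that is the point at which a sanitizer such as DOMPurify is needed, since escaping would strip the formatting along with the script.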