Open ChrisBAshton opened 5 years ago
The basic example stringifies then replaces any <
with its unicode character, which works when a script is added to the page (I just tested it). I would recommend doing that; it also helps prevent script injection attacks.
Thanks @jtart - will take a look.
react-universal-app uses this mechanism:
If
data
contains any<script>
tag - even inside a string, and even if the value isn't used anywhere - the app crashes.