Open sberyozkin opened 1 year ago
/cc @mkouba
For the record, for HTML and XML templates the `'`, `"`, `<`, `>` and `&` characters are escaped by default if a template variant is set, see https://quarkus.io/guides/qute-reference#character-escapes for more details.
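The "if a template variant is set" condition in the comment above is the part to verify for stored HTML fragments. The following is an added example, not code from the issue or from the Quarkus project; it assumes a standalone Qute engine with `HtmlEscaper` registered by hand (inside Quarkus this is done for you), and the class name and sample string are constructed for illustration.

```java
import io.quarkus.qute.Engine;
import io.quarkus.qute.HtmlEscaper;
import io.quarkus.qute.RawString;
import io.quarkus.qute.Template;
import io.quarkus.qute.Variant;

import java.util.List;

// Hypothetical demo class: renders one stored fragment three ways.
public class QuteEscapeDemo {

    public static void main(String[] args) {
        // Standalone engine (assumption): the escaper is registered manually
        // for the HTML and XML content types.
        Engine engine = Engine.builder()
                .addDefaults()
                .addResultMapper(new HtmlEscaper(List.of("text/html", "text/xml")))
                .build();

        // Constructed sample of a recorded fragment containing all five
        // characters named above: ' " < > &
        String stored = "<i title=\"a'b\">Tom & Jerry</i>";
        String source = "<p>{comment}</p>";

        // 1. Variant set to text/html: the escaper applies to the value.
        Template withVariant = engine.parse(source, Variant.forContentType("text/html"));
        System.out.println("variant set : " + withVariant.data("comment", stored).render());

        // 2. No variant: the escaper does not apply, so the fragment is
        //    emitted as stored. This is the case to check in a review.
        Template noVariant = engine.parse(source);
        System.out.println("no variant  : " + noVariant.data("comment", stored).render());

        // 3. Variant set, but the value is wrapped in RawString: escaping is
        //    bypassed on purpose. Only do this for content that has already
        //    been sanitized elsewhere.
        System.out.println("RawString   : "
                + withVariant.data("comment", new RawString(stored)).render());
    }
}
```

Escaping neutralizes the fragment but does not sanitize it: a value passed as `RawString` (or rendered through `.raw` / `.safe` in the template) still needs a separate allow-list sanitizer.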
Description
While the new CSRF prevention feature can help with handling reflected XSS attacks, Qute can help with getting the recorded HTML fragments sanitized via some of its customization options - it needs to be verified and documented
Implementation ideas
No response