codyzu
commented
1 year ago - sanitize the input, it's used in title tags in cloud function 🤔
- consider https://www.npmjs.com/package/sanitize-html or https://www.npmjs.com/package/dompurify
- do I need to sanitize all fields? Or just the title stuff? On the front, we set the title directly.
- maybe it's not needed because of react. Maybe only neeeded in the cloud function?
- the cloud function renders data directly from the database into tags, is that a security issue?
- do we care if its only for SEO + sharing cards???