olado/doT

How to avoid xss attack?

PEIYANGXINQU opened this issue · 3 comments

It seems that doT does not check the input content. If the content is alert(999)</script>, then it will execute and alert the window. How to avoid this situation?

doT is not a sanitizer but a compiler, so that is not its job. In your case, you have to use a 3rd-party lib on top of it.

@leoyli, hi, do you know whether the other template js called Mustache has xss protection or not?

@PEIYANGXINQU that's unlikely, as it's out of scope, although this question should be asked there.
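An added example, not part of the thread and not doT's own code: one way to HTML-escape untrusted data before handing it to a template that interpolates values raw, as the first reply suggests doing on top of the compiler. `escapeHtml`, `escapeDeep` and `renderRaw` are hypothetical names; `renderRaw` stands in for a compiled template function, and the sample input is constructed.

```javascript
// Characters that can break out of HTML text or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape one value for use in HTML element content or a quoted attribute.
// Not sufficient inside <script>, URL, or CSS contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Recursively escape every string in the template data object.
// Numbers, booleans, null and undefined pass through unchanged.
// Object.fromEntries defines own properties, so a "__proto__" key in
// parsed JSON cannot replace the prototype of the result.
function escapeDeep(data) {
  if (typeof data === "string") return escapeHtml(data);
  if (Array.isArray(data)) return data.map(escapeDeep);
  if (data !== null && typeof data === "object") {
    return Object.fromEntries(
      Object.entries(data).map(([key, val]) => [key, escapeDeep(val)])
    );
  }
  return data;
}

// Hypothetical stand-in for a compiled template that does no encoding.
function renderRaw(it) {
  return '<div class="comment"><b>' + it.author + "</b>: " + it.body + "</div>";
}

// Constructed sample input, modelled on the payload in the question.
const untrusted = {
  author: "guest",
  body: "<script>alert(999)</script>",
  likes: 5,
  tags: ["a&b"],
};

const unsafeHtml = renderRaw(untrusted);           // markup reaches the page as-is
const safeHtml = renderRaw(escapeDeep(untrusted)); // markup is rendered as text

console.log(unsafeHtml);
console.log(safeHtml);
```

Escape exactly once, at the point of rendering: running `escapeDeep` over already-escaped data turns `&amp;` into `&amp;amp;`.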