untrusted user input with x-text? #3071
-
|
I have some user input that I wish to display, back on the webpage: <p x-text="`${untrusted_user_input} `">
</p>Is the above code safe? Do I need to sanitize before displaying it to the user? Any pointers would be much appreciated. |
Beta Was this translation helpful? Give feedback.
Answered by
jimmywarting
Aug 1, 2022
Replies: 1 comment
-
|
x-text uses innerText, so it should be safe to use. |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
benkoshy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
x-text uses innerText, so it should be safe to use.
you can't have any html tags or attributes when setting the content using innerText.