This is a great overview of what XSS is and how you can protect against it. Especially good to see the call-out to the Trusted Types API! While it's only in Chromium currently, there's active work by Igalia (inc. me) to implement and ship it in WebKit and Firefox.
https://front-end.social/@openwebdocs/113673416289556495
=> More information about this toot | More toots from Lukew@toot.wales
@Lukew will Trusted Types still be necessary if the Sanitizer API becomes a thing? I’ve only skim-read about them and feel confused about how the two things will relate to each other.
=> More information about this toot | More toots from Olliew@indieweb.social
@Olliew Short answer: yes. For one thing, Trusted Types is a way to ensure you don't accidentally use an unsafe sink. There are also going to be circumstances where you do want to use an unsafe sink, and Trusted Types ensures you can do that in a controlled way. But also, Trusted Types covers more than what the Sanitizer API does.
=> More information about this toot | More toots from Lukew@toot.wales
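To make the "controlled way" in the reply above concrete, here is an added example (not code from the thread, MDN, or any browser project) of how a Trusted Types policy gates the unsafe DOM sinks. The CSP directive `require-trusted-types-for 'script'` and the `trustedTypes.createPolicy()` call are the real web platform API; the policy name `app`, the allowlisted script origin, the sample inputs and the Node stand-in used when no browser `trustedTypes` object exists are all assumptions made for the demonstration.

```javascript
// Added example, not from the original thread. Assumes the page is served with
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types app
// Under that header the browser throws a TypeError when a plain string is
// assigned to an unsafe sink (innerHTML, script.src, eval, ...); only values
// minted by the named policy are accepted, so every injection point funnels
// through the rules below and cannot be bypassed by a forgotten escape call.

// Assumed allowlist of origins that may supply scripts.
const SCRIPT_ORIGIN_ALLOWLIST = new Set(["https://cdn.example.com"]);

// Rule for the HTML sink: untrusted text is escaped, so it can only ever be
// rendered as text, never parsed as markup.
function escapeHtml(untrusted) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(untrusted).replace(/[&<>"']/g, (c) => map[c]);
}

// Rule for the script-URL sink (script.src, Worker(), importScripts ...):
// only absolute https: URLs on an allowlisted origin pass. A policy refuses a
// value by throwing rather than by silently "repairing" it, so relative URLs,
// javascript: URLs and unknown hosts all fail loudly.
function checkScriptUrl(untrusted) {
  let url;
  try {
    url = new URL(String(untrusted));
  } catch {
    throw new TypeError(`script URL must be absolute: ${untrusted}`);
  }
  if (url.protocol !== "https:" || !SCRIPT_ORIGIN_ALLOWLIST.has(url.origin)) {
    throw new TypeError(`script origin not allowed: ${url.origin}`);
  }
  return url.href;
}

const rules = { createHTML: escapeHtml, createScriptURL: checkScriptUrl };

// In a browser that supports Trusted Types, register the policy via the real
// API; the name must match the CSP `trusted-types` directive. Outside a
// browser (e.g. running this file under Node) fall back to a stand-in object
// that applies the same rules, so the rules can be exercised in isolation.
// The stand-in is an assumption for demonstration only; it provides no enforcement.
function makePolicy(name) {
  const tt = globalThis.trustedTypes;
  if (tt && typeof tt.createPolicy === "function") {
    return tt.createPolicy(name, rules);
  }
  return {
    name,
    createHTML: (s) => rules.createHTML(s),
    createScriptURL: (s) => rules.createScriptURL(s),
  };
}

const policy = makePolicy("app");

// Sink usage: the raw string never reaches innerHTML or script.src directly.
function renderComment(container, text) {
  container.innerHTML = policy.createHTML(text); // TrustedHTML in a browser
}

function loadPlugin(scriptEl, src) {
  scriptEl.src = policy.createScriptURL(src); // throws for disallowed origins
}
```

The point Luke makes about "controlled" use of an unsafe sink is the `createScriptURL` rule: the sink is still used, but the only way to reach it is through a reviewable function with an explicit allowlist, and a missed call site shows up as a runtime TypeError under enforcement instead of a silent XSS.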
@Lukew Thank you, Luke! :) We're also excited to see Trusted Types shipping cross-browser and are intending to refresh the docs for it when it does. We'd be very happy if we could get your technical review on these docs when that happens.
=> More information about this toot | More toots from openwebdocs@front-end.social
@openwebdocs I'd happily review them!
=> More information about this toot | More toots from Lukew@toot.wales