Many web applications allow untrusted users to upload HTML. They often do this using a rich text editor. Then, they show this HTML to other users. Email applications like Gmail are like this. However, displaying user-generated HTML is challenging from a security point of view. Sometimes you can sanitize it on the server. Sometimes you can sanitize it on the client using something like DOMPurify. However, no matter how you do it, it’s a hard problem.
It'd be great if browsers could do this for us since they know how to do it best.
This discussion was converted from issue #85 on December 04, 2020 22:39.
https://webwewant.fyi/wants/5ee582f557f49af84b6bb374/