undefined | Better HN

0 pointsjstanley3y ago0 comments

This sounds potentially useful, but I'm not sure about the practicality.

It's usually pretty easy to not write XSS vulnerabilities, as long as you know they are a thing you need to think about.

Given that people don't bother to avoid writing XSS bugs right now, why do you think they will bother to use your tool to avoid writing XSS bugs in the future?

0 comments

1 comments · 1 top-level

bugmen0t3y ago

Given the new DOM API, it’s also relatively easy to forbid the "bad APIs" using something like eslint (at the source level) or Trusted Types (at runtime).

The hope is to also cater to frontend frameworks enough that they will adopt it. There are already some conversations.

j / k navigate · click thread line to collapse