so basically, i’m making my own tiny frontend for fun and learning nuxt stuff, and posts are plain html, but the wasteof api makes it xss proof so thats cool :)
how does the wasteof API make it xss-proof?
dompurify
the backend does that? I thought that was just the frontend.
both do
if it didn’t, we’d’ve had both of the following:
xss attack
funny cohost esque css crimes
afaik the frontend may just use v-html
since the backend does the purifying afaik