Comment by Uninen

5 months ago

One thing about the reply gives away why Claude is still basically clueless about Actual Thinking: it suggested that I move the HTML sanitization to the frontend. It's in the CF function because it would be trivial to bypass it in the frontend, making it easy to post literally anything to the db. Even a junior developer would understand this.

You could move the sanitization to the front end securely; it would just need to be right before render (after fetching the data to the browser). Some UI libraries do this automatically (like React), and DOMPurify can run in the browser for this task.

It could have done a better job outlining how to do it properly.
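As an added illustration of the point in this reply (example code, not something posted in the thread): the server stores the raw content unchanged, and the browser sanitizes it after fetching and immediately before rendering. The allowlist sanitizer, the in-memory `db`, `storeComment`, `renderComment` and the payload are all constructed for this example; the sanitizer is a minimal stand-in so the block runs with no dependencies, and a real app would hand that job to DOMPurify.

```javascript
// Added example for this thread (not code posted by anyone in it): raw markup is
// stored unchanged by the server and sanitized in the browser right before render.
// The allowlist sanitizer below is a small stand-in written for this example so it
// runs with no dependencies; a real app should hand the job to DOMPurify.

const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br", "a"]);
const ALLOWED_ATTRS = new Map([["a", new Set(["href"])]]);

// Escape text so it can only ever be displayed, never parsed as markup.
function escapeText(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Only http(s) URLs and same-origin paths survive in href; "javascript:" and
// protocol-relative "//evil" are dropped.
function safeHref(value) {
  const v = value.trim().toLowerCase();
  if (v.startsWith("http://") || v.startsWith("https://")) return true;
  return v.startsWith("/") && !v.startsWith("//");
}

// Allowlist sanitizer: unknown tags are removed (their inner text is kept as
// escaped text), unknown attributes are dropped, hrefs are scheme-checked.
// Unquoted attribute values are not accepted at all (fail closed).
function sanitizeHtml(html) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeText(html.slice(last, m.index));
    last = tagRe.lastIndex;
    const closing = m[0].startsWith("</");
    const tag = m[1].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue; // drop the tag, keep surrounding text
    if (closing) {
      out += `</${tag}>`;
      continue;
    }
    let attrs = "";
    const allowed = ALLOWED_ATTRS.get(tag);
    if (allowed) {
      const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
      let a;
      while ((a = attrRe.exec(m[2])) !== null) {
        const name = a[1].toLowerCase();
        const value = a[2] !== undefined ? a[2] : a[3];
        if (!allowed.has(name)) continue; // e.g. onclick, style
        if (name === "href" && !safeHref(value)) continue;
        attrs += ` ${name}="${escapeText(value)}"`;
      }
    }
    out += `<${tag}${attrs}>`;
  }
  out += escapeText(html.slice(last));
  return out;
}

// Server side (the CF function in the thread), with an array standing in for
// the database: the raw content is stored as-is. No client-side input filter is
// trusted here, because a direct request to the API skips the browser entirely.
const db = [];
function storeComment(raw) {
  db.push(raw);
  return db.length - 1;
}

// Browser side: sanitize after fetching and immediately before inserting into the
// DOM (innerHTML, dangerouslySetInnerHTML, ...). With markdown, run this on the
// HTML the markdown renderer produces, not on the markdown source.
function renderComment(id) {
  return sanitizeHtml(db[id]);
}

// Constructed payload that a client-side-only input filter would never have seen.
const CONSTRUCTED_PAYLOAD =
  '<img src=x onerror=alert(1)>hi <b>bold</b> ' +
  '<a href="javascript:alert(1)">link</a> <a href="https://example.com">ok</a>';

const storedId = storeComment(CONSTRUCTED_PAYLOAD);
console.log(renderComment(storedId));
```

The placement is the whole point: because `renderComment` runs on whatever is in the store, it neutralizes content regardless of how it got there, whereas a filter that only runs in the submit form protects nothing against a direct API call.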

  • GP was talking about input sanitization, not output

    • Yes, but the AI was talking about implementing output sanitization in its proposed solutions.

      > An alternative approach is to store the raw markdown content and handle rendering and sanitization in the browser: