Comment by gen3

5 months ago

You could move the sanitization to the front end securely; it would just need to be right before render (after fetching the data to the browser). Some UI libraries do this automatically (like React), and DOMPurify can run in the browser for this task.

It could have done a better job outlining how to do it properly
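Worked version of the browser-side output sanitization gen3 describes, added here as an example and not code from the thread or from DOMPurify. The raw markdown is stored unchanged and the browser renders and sanitizes it immediately before the markup is inserted into the DOM. To keep the file runnable offline, `sanitizeHtml()` is a small hand-written allowlist sanitizer standing in for `DOMPurify.sanitize()`; the markdown subset, tag allowlist, function names and sample comment are all constructed for the example.

```javascript
// Added example (not from the thread). Raw markdown is stored as-is; the
// browser renders it and sanitizes the resulting HTML right before insertion.
// sanitizeHtml() is a deliberately small allowlist sanitizer that stands in
// for DOMPurify.sanitize() so this runs offline; use DOMPurify in a real page.

const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'code',
  'pre', 'ul', 'ol', 'li', 'blockquote', 'a']);
const ALLOWED_ATTRS = { a: new Set(['href', 'title']) }; // other tags: no attributes
const DROP_WITH_CONTENT = new Set(['script', 'style', 'iframe', 'object', 'embed']);
const SAFE_SCHEMES = ['http:', 'https:', 'mailto:'];

// Decode numeric and basic named entities so a scheme written as
// "&#106;avascript:" is judged on its decoded form, as the browser would see it.
function decodeEntities(s) {
  const cp = (c) => (c <= 0x10ffff ? String.fromCodePoint(c) : '');
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&(amp|lt|gt|quot);/g, (_, n) => ({ amp: '&', lt: '<', gt: '>', quot: '"' }[n]));
}
function escapeText(t) { return t.replace(/</g, '&lt;').replace(/>/g, '&gt;'); }
function escapeAttr(v) {
  return v.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
}

// Only relative URLs or an explicitly allowed scheme survive. Control characters
// and whitespace are stripped first because browsers ignore them in the scheme.
function safeHref(decoded) {
  const u = decoded.replace(/[\u0000-\u0020]/g, '').toLowerCase();
  return u.startsWith('/') || u.startsWith('#') || SAFE_SCHEMES.some((s) => u.startsWith(s));
}

function filterAttrs(tag, attrText) {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return '';
  const attrRe = /([a-zA-Z][a-zA-Z0-9-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let out = '';
  let m;
  while ((m = attrRe.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) continue;            // drops onclick, style, ...
    const value = decodeEntities(m[2] || m[3] || m[4] || '');
    if (name === 'href' && !safeHref(value)) continue;
    out += ` ${name}="${escapeAttr(value)}"`;
  }
  return out;
}

function sanitizeHtml(html) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let out = '';
  let last = 0;
  let skipping = null; // element whose whole content is being discarded
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const text = html.slice(last, m.index);
    last = m.index + m[0].length;
    const isClose = m[0][1] === '/';
    const tag = m[1].toLowerCase();
    if (skipping) {                              // inside <script>...</script> etc.
      if (isClose && tag === skipping) skipping = null;
      continue;
    }
    out += escapeText(text);                     // stray '<' in text is escaped
    if (DROP_WITH_CONTENT.has(tag)) { if (!isClose) skipping = tag; continue; }
    if (!ALLOWED_TAGS.has(tag)) continue;        // unknown tag: drop it, keep its text
    out += isClose ? `</${tag}>` : `<${tag}${filterAttrs(tag, m[2])}>`;
  }
  return out + escapeText(html.slice(last));
}

// Tiny markdown subset (constructed): paragraphs, **bold**, `code`, [text](url).
// Like most markdown renderers it passes inline HTML through untouched, which
// is exactly why the output has to be sanitized.
function markdownToHtml(md) {
  return md.split(/\n{2,}/).map((para) => {
    let h = para.trim();
    h = h.replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>');
    h = h.replace(/`([^`]+)`/g, '<code>$1</code>');
    h = h.replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, '<a href="$2">$1</a>');
    return `<p>${h}</p>`;
  }).join('\n');
}

// Browser-side render step: raw stored markdown in, sanitized HTML out.
function renderComment(rawMarkdown) {
  return sanitizeHtml(markdownToHtml(rawMarkdown));
}
// In a page this is the only place the markup meets the DOM.
function mountComment(container, rawMarkdown) {
  container.innerHTML = renderComment(rawMarkdown);
}

// Constructed sample of what the server hands back unchanged.
const STORED_COMMENT =
  'Hello **world** [docs](https://example.com/docs)\n\n' +
  '<img src=x onerror=alert(1)>look <script>alert(2)</script>[x](javascript:alert%281%29)';

if (typeof document === 'undefined') console.log(renderComment(STORED_COMMENT));
```

The point of the structure is that nothing is lost on the way in (the server never touches the text) and nothing unsanitized reaches `innerHTML` on the way out; the sanitizer runs on the rendered HTML, not on the markdown, so it sees the same markup the browser is about to parse.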

GP was talking about input sanitization, not output

  • Yes, but the AI was talking about implementing output sanitization in its proposed solutions.

    > An alternative approach is to store the raw markdown content and handle rendering and sanitization in the browser: