The fix is either not to embed untrusted data at all (as with SQL parameter bindings, where the value is handed to the driver separately from the query text and is never parsed as SQL) or, when a fragment must be embedded, to always escape it for the specific context it lands in (HTML element content, HTML attribute, JavaScript string, URL, CSS), because each context has its own metacharacters and an escaper written for one context does not neutralise another.
For reference: The Last XSS Defense Talk - Jim Manico - NDC Porto 2022 | https://youtu.be/wRC7jyhTkEM
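The two halves of that rule as an added example (my own code, not from the page or from the referenced talk): a query that embeds its input next to one that binds it, run against an in-memory SQLite table seeded with constructed rows, followed by one escaper per HTML-side context and a nested case (a URL inside an attribute) where applying only the HTML escaper lets an attacker inject an extra query parameter. Function names, sample rows and payloads are mine.

```python
import html
import json
import sqlite3
from urllib.parse import parse_qs, quote

# Constructed sample rows; not taken from any real system.
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def find_user_embedded(conn, name):
    """Vulnerable: the untrusted value is pasted into the SQL text, so a quote
    inside it changes the structure of the query."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_bound(conn, name):
    """Safe: the value travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# --- One escaper per HTML-side embedding context ---------------------------

def esc_html(s):
    """Element content or a quoted attribute value: & < > " ' become entities."""
    return html.escape(s, quote=True)


def esc_js_string(s):
    """A JavaScript string literal inside <script>: JSON encoding supplies the
    quotes and backslash escapes; < > & are additionally \\u-escaped so that a
    '</script>' inside the data cannot close the enclosing script element."""
    lit = json.dumps(s)
    return lit.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def esc_url_param(s):
    """A single value inside a URL query string: percent-encode everything."""
    return quote(s, safe="")


def render_profile(name):
    """Render one untrusted value into three contexts, escaping for each.
    The href is a nested context (URL inside an attribute), so the value is
    URL-encoded first and the result HTML-escaped for the attribute."""
    return (
        "<p>Hello, %s</p>\n" % esc_html(name)
        + '<a href="/u?name=%s">profile</a>\n' % esc_html(esc_url_param(name))
        + "<script>var who = %s;</script>" % esc_js_string(name)
    )


def href_params_as_browser_sees(attr_value):
    """Simulate the browser: decode the attribute's entities, then parse the
    query string. Shows what an attacker gets when a URL value was only
    HTML-escaped and not URL-encoded."""
    url = html.unescape(attr_value)
    return parse_qs(url.split("?", 1)[1])


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    print(find_user_embedded(conn, payload))  # both rows: query structure changed
    print(find_user_bound(conn, payload))     # []: looked for that literal string
    print(render_profile('<b>"eve"</b>&admin=1'))
    # Wrong escaper for the context: HTML-escaping a URL parameter leaves '&'
    # intact after the browser decodes &amp;, so 'admin=1' becomes a real parameter.
    print(href_params_as_browser_sees("/u?name=" + esc_html("x&admin=1")))
    print(href_params_as_browser_sees("/u?name=" + esc_html(esc_url_param("x&admin=1"))))
```

The last two prints are the point of the "based on the embedding context" clause: `html.escape` is the right tool for the attribute but does nothing for the URL grammar underneath it, so the value has to pass through the URL escaper first and the attribute escaper second, innermost context outward.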