Get the latest tech news
Is It Safe to Host HTML That Runs Its Own JavaScript?
We host whatever HTML people upload, JavaScript and all, and most of it is generated by an AI and never read line by line first. So the honest answer to 'what stops that code from injecting something or hijacking a session' is not that we scrub it clean. It is that we assume every page is hostile and make that assumption not matter. Here is exactly how.
None
Or read this on Hacker News