Article may be outdated

This article is 10 days old. Some details may have changed since publication.

Hacker News·3 min read·medium

Is It Safe to Host HTML That Runs Its Own JavaScript?

H
HenningWitzel
Is It Safe to Host HTML That Runs Its Own JavaScript?
AI Summary

A developer explains their strategy for hosting user-uploaded HTML and JavaScript by utilizing sandboxed iframes rather than attempting to sanitize the code. This approach treats all uploaded content as inherently hostile to prevent security breaches.

We host whatever HTML people upload, JavaScript and all, and most of it is generated by an AI and never read line by line first. So the honest answer to 'what stops that code from injecting something or hijacking a session' is not that we scrub it clean. It is that we assume every page is hostile and make that assumption not matter. Here is exactly how.

Continue reading on Headlinne

Create a free account to read the full article.

Read full article →
technologybusiness

Get the full story

Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.

Create free account

Already have an account? Sign in

Is It Safe to Host HTML That Runs Its Own JavaScript? — Headlinne — headlinne