Short snippet showing how things can get if you decide to use HTML entities in a malicious string
var s = "surprise!&lt;/script&gt;&lt;script&gt;alert('whoops!')&lt;/script&gt;";
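An added example, not the gist author's code: it takes the string above, assumes some step in the rendering pipeline entity-decodes it before it is written into an inline script block, and compares a naive embed with one that escapes `<`, `>` and `&` as `\uXXXX`. All function names are hypothetical.

```javascript
// Constructed input: the string literal from the snippet above.
const stored = "surprise!&lt;/script&gt;&lt;script&gt;alert('whoops!')&lt;/script&gt;";

// Minimal decoder for the five predefined entities, standing in for any
// pipeline step (assumed here) that entity-decodes a value before output.
// Single pass, so "&amp;lt;" becomes "&lt;" and is not decoded twice.
const ENTITIES = { lt: "<", gt: ">", amp: "&", quot: '"', apos: "'" };
function decodeEntities(text) {
  return text.replace(/&(lt|gt|amp|quot|apos);/g, (_, name) => ENTITIES[name]);
}

// True when a value would terminate an inline <script> block: the HTML
// tokenizer ends script data at "</script" followed by whitespace, "/" or ">",
// regardless of JavaScript string quoting.
function closesScriptBlock(text) {
  return /<\/script[\s\/>]/i.test(text);
}

// Weak: JSON.stringify handles JavaScript quoting but leaves "<" untouched.
function embedNaive(value) {
  return "<script>var s = " + JSON.stringify(value) + ";</script>";
}

// Hardened: also escape characters significant to the HTML parser (and
// U+2028/U+2029) as \uXXXX, which JavaScript reads back as the same text.
function embedSafe(value) {
  const json = JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
  return "<script>var s = " + json + ";</script>";
}

// Rough count of <script> start tags in the markup (regex, not a real parser).
function countScriptOpens(html) {
  return (html.match(/<script\b/gi) || []).length;
}

const decoded = decodeEntities(stored);
console.log("closes block (stored, decoded):",
  closesScriptBlock(stored), closesScriptBlock(decoded));
console.log("script tags (naive, safe):",
  countScriptOpens(embedNaive(decoded)), countScriptOpens(embedSafe(decoded)));
```

The entity-encoded form is inert only as long as nothing decodes it; escaping at the point of embedding is what keeps the value inside one script block.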