Indexing HTML Attributes and Unique Indexes

Oriol _ oriol-bugzilla at hotmail.com
Wed May 22 23:10:57 UTC 2019


> About being unique, you can always 
> `document.querySelector('[attribute="' + value +'"]')`

This code is vulnerable to CSS injection, input values shouldn't be 
inserted raw into queries!
You can use `CSS.escape` to sanitize.

-- Oriol
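
The point made in the reply above, as an added example that is not part of the original post: the same attribute lookup built by raw concatenation and with escaping. The function names, the `data-id`/`data-role` attributes, the sample value and the fallback escaper (used only where `CSS.escape` is not available, e.g. outside a browser) are assumptions made for illustration.

```javascript
// Fallback for runtimes without CSS.escape (e.g. Node); follows the CSSOM
// "serialize an identifier" rules that CSS.escape is specified to use.
function cssEscapeFallback(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    const digit = c >= 0x30 && c <= 0x39;
    if (c === 0) out += "\uFFFD";
    else if (c <= 0x1f || c === 0x7f || (digit && i === 0) ||
             (digit && i === 1 && s[0] === "-"))
      out += "\\" + c.toString(16) + " ";          // code point escape
    else if (c === 0x2d && i === 0 && s.length === 1) out += "\\-";
    else if (c >= 0x80 || c === 0x2d || c === 0x5f || digit ||
             (c >= 0x41 && c <= 0x5a) || (c >= 0x61 && c <= 0x7a))
      out += s[i];                                 // safe as-is
    else out += "\\" + s[i];                       // backslash-escape the rest
  }
  return out;
}

const escapeCss = (typeof CSS !== "undefined" && CSS.escape)
  ? (v) => CSS.escape(v) : cssEscapeFallback;

// attr is assumed to be a trusted, developer-chosen name; only value is untrusted.
function rawSelector(attr, value) { return '[' + attr + '="' + value + '"]'; }
function safeSelector(attr, value) { return '[' + attr + '="' + escapeCss(value) + '"]'; }

// Rough check (not a CSS parser): count comma-separated selectors, ignoring
// commas that are backslash-escaped or inside a quoted string.
function countSelectors(selector) {
  let count = 1, quote = null;
  for (let i = 0; i < selector.length; i++) {
    const ch = selector[i];
    if (ch === "\\") { i++; continue; }            // skip the escaped character
    if (quote) { if (ch === quote) quote = null; continue; }
    if (ch === '"' || ch === "'") quote = ch;
    else if (ch === ",") count++;
  }
  return count;
}

// Constructed input: closes the quoted value and appends a second selector.
const hostile = 'x"], [data-role="admin';
console.log(rawSelector("data-id", hostile), countSelectors(rawSelector("data-id", hostile)));
console.log(safeSelector("data-id", hostile), countSelectors(safeSelector("data-id", hostile)));
```

With the raw version the value rewrites the query into a two-selector list; the escaped version stays a single attribute selector that matches the value literally.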

