Indexing HTML Attributes and Unique Indexes

Oriol _ oriol-bugzilla at
Wed May 22 23:10:57 UTC 2019

> About being unique, you can always 
> `document.querySelector('[attribute="' + value +'"]')`

This code is vulnerable to CSS injection, input values shouldn't be 
inserted raw into queries!
You can use `CSS.escape` to sanitize.

-- Oriol

More information about the es-discuss mailing list