XSS Prevention in {#html}
Understand the risks of {@html} and how to sanitize untrusted HTML.
What XSS Is
Cross-Site Scripting injects malicious scripts into pages, often via untrusted user input.
Default Safety
Svelte escapes interpolated text by default. {user.name} is safe.