0Pricing
Sveltejs Academy · Lesson

XSS Prevention in {#html}

Understand the risks of {@html} and how to sanitize untrusted HTML.

What XSS Is

Cross-Site Scripting injects malicious scripts into pages, often via untrusted user input.

Default Safety

Svelte escapes interpolated text by default. {user.name} is safe.

All lessons in this course

  1. CSRF Protection in Form Actions
  2. XSS Prevention in {#html}
  3. Environment Variables: $env/static and $env/dynamic
  4. Rate Limiting with Hooks
← Back to Sveltejs Academy