User input validation

Welcome to Meta @Cal :wave:

Those fields are sanitized/escaped. Plus, Discourse has CSP enabled by default.

Those are also sanitized. They’re also only accessible to admins, and there’s also CSP.

If you’ve found a user-input security issue that happens with CSP on, we’d love to hear about it here.
