How should XSS protection be done?
I've got a feedback-form where a user is able to type anything right now. This includes script tags <script>...</script>.
What is the recommended precaution that should be taken?
I imagine I would have to do something on Supabase, perhaps some type of text filtering function?
Any hints will be appreciated :namastedoge:
Supabase won’t care what your data is. The content of a column is never executed normally. You can do simple constraints on columns with Postgres, a before insert trigger to clean and change NEW.columnname, or an edge function.
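
The column constraint and before-insert trigger mentioned in the reply could look like the following. This is an added example, not code from the thread; the table name feedback, the column message, the 2000-character limit and the function and trigger names are assumptions. Cleaning at insert time only limits what gets stored, so the page that later displays the feedback still has to output it as text rather than as HTML.

```sql
-- Hypothetical table: the names "feedback" and "message" are assumptions.
create table if not exists public.feedback (
  id         bigint generated always as identity primary key,
  message    text not null,
  created_at timestamptz not null default now(),
  -- Simple column constraint: reject empty and oversized submissions.
  constraint feedback_message_length
    check (char_length(message) between 1 and 2000)
);

-- Trigger function that cleans NEW.message before the row is written.
create or replace function public.clean_feedback_message()
returns trigger
language plpgsql
as $$
begin
  -- Remove anything that looks like an HTML tag, e.g. <script> or </script>.
  -- This is a coarse filter: it also removes text such as "a <b> c".
  new.message := regexp_replace(new.message, '<[^>]*>', '', 'g');
  -- Trim surrounding whitespace left behind by the removal.
  new.message := btrim(new.message);
  return new;
end;
$$;

drop trigger if exists feedback_clean_message on public.feedback;

-- The reply suggests a before-insert trigger; updates are covered here as
-- well so an edited row cannot bypass the cleaning step.
create trigger feedback_clean_message
  before insert or update of message on public.feedback
  for each row
  execute function public.clean_feedback_message();

-- Constructed sample input: the tags are stripped before the row is stored.
insert into public.feedback (message)
values ('Great app <script>alert(1)</script> thanks');

select id, message from public.feedback;

-- CHECK constraints are evaluated on the row as modified by the BEFORE
-- trigger, so a submission consisting only of tags ends up empty and is
-- rejected by feedback_message_length:
-- insert into public.feedback (message) values ('<script></script>');
```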