Is there a security model for preventing injection attacks? I'm thinking of cont... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

yodon on May 12, 2022 | parent | context | favorite | on: Nota: A Document Language for the Browser

Is there a security model for preventing injection attacks? I'm thinking of content-based injection attacks like those that try to break out of language parser enclosures in HTML or Liquid or SQL or etc.

Presumably the responsibility would largely fall on the component authors but I was curious if there were any language-level threat model or mitigation approach in mind here.

wcrichton on May 12, 2022 [–]

There isn't, and I would say Nota is not suitable for e.g. a commenting syntax on a forum. It's intended for blog posts, papers, or other documents coming from more trusted sources.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact