@ktjs/mui 0.34.1 → 0.34.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -41,3 +41,17 @@ cd my-app
|
|
|
41
41
|
pnpm install
|
|
42
42
|
pnpm dev
|
|
43
43
|
```
|
|
44
|
+
|
|
45
|
+
## Security model
|
|
46
|
+
|
|
47
|
+
kt.js intentionally trusts application code and keeps DOM operations explicit.
|
|
48
|
+
|
|
49
|
+
- Text children are inserted as text nodes by default.
|
|
50
|
+
- `k-html` is a raw HTML escape hatch that writes to `innerHTML` without sanitization.
|
|
51
|
+
- Prefer `on:*` event bindings. Do not pass raw `onclick` / `onerror` style strings.
|
|
52
|
+
- Attributes such as `href`, `src`, `srcdoc`, `action`, and SVG URL attributes are forwarded as-is.
|
|
53
|
+
- If you bind untrusted input, sanitization and validation must be handled by your application.
|
|
54
|
+
|
|
55
|
+
## License
|
|
56
|
+
|
|
57
|
+
MIT License.
|