Best Practices: Security for Content Components
By now, you're likely familiar with a wide range of components offered in the Unqork Designer Platform. Some components have more clear-cut uses than others, which can become confusing. One example is the Content component, which offers such wide-ranging functionality that it can be difficult to know when and how to use it. In this
Avoid Using HTML in Content Components
When working with Content components, it's important to remember the main reason for using Unqork in the first place: Unqork is a no-code solution. Avoid using Content components to hold any type of code whenever possible. If you have no other option, keep in mind where any data rendered by that HTML comes from. If you're rendering data into an HTML element, make sure you do it securely.
For example, the following Excel export code is not safe and is vulnerable to XSS (cross-site scripting): <span ng-bind-html="data.xssOutput | safehtml"></span>
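The contrast described above, as an added example that is not Unqork's own code: it models a value reaching an HTML element as trusted markup versus as text-encoded characters, and checks whether the data introduced tags the template never contained. It assumes a safehtml-style filter passes the value through verbatim; renderTrusted, renderEncoded, introducesMarkup and the sample value are constructed for illustration.

```javascript
// Added example. Assumption: a "safehtml"-style filter marks the bound value
// as trusted markup, so the element receives it verbatim.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Text-encode a value so the browser treats it as characters, never as markup.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Resolve a dotted path such as "data.xssOutput" using own properties only.
function lookup(scope, path) {
  return path.split('.').reduce(
    (obj, key) => (obj != null && Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined),
    scope,
  );
}

const PLACEHOLDER = /\{\{\s*([\w.]+)\s*\}\}/g;

// Unsafe model: the value is spliced in as markup (trusted-HTML binding).
function renderTrusted(template, scope) {
  return template.replace(PLACEHOLDER, (_, path) => String(lookup(scope, path) ?? ''));
}

// Safe model: the value is text-encoded before it reaches the element.
function renderEncoded(template, scope) {
  return template.replace(PLACEHOLDER, (_, path) => escapeHtml(lookup(scope, path)));
}

// Review check: did the data add tags that the template author never wrote?
const countTags = (html) => (html.match(/<[a-zA-Z!\/]/g) || []).length;
function introducesMarkup(template, rendered) {
  return countTags(rendered) > countTags(template);
}

// Constructed sample: a value as it might arrive from an upstream data source.
const template = '<span>{{ data.xssOutput }}</span>';
const scope = { data: { xssOutput: '<img src=x onerror="alert(1)">' } };

for (const render of [renderTrusted, renderEncoded]) {
  const html = render(template, scope);
  console.log(render.name, introducesMarkup(template, html) ? 'UNSAFE' : 'ok', html);
}
```

In AngularJS markup, the encoded path corresponds to a plain text binding such as ng-bind, rather than ng-bind-html combined with a trust filter.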
Avoid Storing Sensitive Values
Never use the Content component to store API (Application Programming Interface) keys or access credentials.
Do not use a Content component to collect private information or to store it for personal use.