Hi, I have a Blog-post content type in Strapi and one of the fields is of the JSON data type.
I am feeding this JSON to a script tag on the frontend using the dangerouslySetInnerHTML attribute.
I have read online that the dangerouslySetInnerHTML attribute makes the website vulnerable to XSS attacks. So, I need to sanitize the HTML first and then feed it to the script tag. Probably, I can use the DOMPurify library to sanitize the data.
My question is whether I need to sanitize the data if all the content is being written by either myself or my trusted authors who have access to Strapi.
Blog visitors are not allowed to post any type of content or comments.
P.S: I am using NextJS on the frontend.
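
As an added example (not part of the original post): one way to serialize a JSON field before handing it to dangerouslySetInnerHTML on a script element, so that a string value containing `</script>` cannot end the element early, whoever wrote it. The names `serializeForScriptTag`, `scriptProps` and `samplePost` are hypothetical, and the default `application/ld+json` type is an assumption about how the script tag is used.

```javascript
// Added example; all names here are hypothetical, not from Strapi or Next.js.

// Characters the HTML parser could interpret inside a <script> element,
// plus two line separators that older JS engines treat as newlines.
const ESCAPES = {
  "<": "\\u003c",
  ">": "\\u003e",
  "&": "\\u0026",
  "\u2028": "\\u2028",
  "\u2029": "\\u2029",
};

function serializeForScriptTag(data) {
  // JSON.stringify does not escape "<", so "</script>" inside a string value
  // would close the element. The \uXXXX forms are valid JSON escapes and
  // parse back to the same characters.
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (ch) => ESCAPES[ch]);
}

// Props to spread onto a script element in a React/Next.js component:
//   <script {...scriptProps(post.jsonField)} />
function scriptProps(data, type = "application/ld+json") {
  return { type, dangerouslySetInnerHTML: { __html: serializeForScriptTag(data) } };
}

// Constructed sample: a headline a trusted author could plausibly write.
const samplePost = {
  headline: "Why </script> inside a string breaks your page",
  author: "Trusted & Co",
};

const naive = JSON.stringify(samplePost);
const safe = serializeForScriptTag(samplePost);

console.log(naive.includes("</script>")); // true: would end the script element
console.log(safe.includes("</script>")); // false
console.log(JSON.stringify(JSON.parse(safe)) === naive); // true: data unchanged
```

The escaped output is still valid JSON, so anything that reads the script tag's contents gets the same data back.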