[ad_1]
I have a wordpress site with input. I was using oninput in my input elements in order to respond to the text value as the user typed. After publishing though, wordpress automatically removed those attributes from the elements. Does anyone know why? Could it be a plugin I’m using? Is there a proper way to do this?
I read from a stack overflow thread that oninput is vulnerable to XSS and event listeners should be used instead. I don’t understand what an event listener does different. Is the idea that the sanitizer is present in the event callback before the other processing? Is it actually vulnerable to XSS?
[ad_2]