Writing secure HTML applications, excerpt from https://html.spec.whatwg.org/#writing-secure-applications-with-html:
1.11.1 Writing secure applications with HTML
https://html.spec.whatwg.org/#writing-secure-applications-with-html
This section is non-normative.
When HTML is used to create interactive sites, care needs to be taken to avoid introducing vulnerabilities through which attackers can compromise the integrity of the site itself or of the site's users.
A comprehensive study of this matter is beyond the scope of this document, and authors are strongly encouraged to study the matter in more detail. However, this section attempts to provide a quick introduction to some common pitfalls in HTML application development.
...