29
29
malicious input, it is not entirely foolproof. For example, it will not
34
34
<style class={{ var }}>...</style>
36
38
If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result
37
39
in unauthorized JavaScript execution, depending on how the browser renders
38
40
imperfect HTML. (Quoting the attribute value would fix this case.)