Why it matters

XSS via LLM is web UI risk. Understanding shapes rendering safety.

Advertisement

The architecture

Attacker injects payload.

LLM emits HTML/JS.

Client renders + executes.

XSS via LLM flowInjectionuser or docLLM emitsHTML / JSClient rendersXSS executesEscape/sanitize markdown + HTML; DOMPurify; CSP; never render raw
XSS.
Advertisement

How it works end to end

Sanitize output HTML (DOMPurify).

Content Security Policy.

Render markdown safely.

Never trust LLM raw.