About This Session
Vue developers (amongst others, ofc) know one golden rule: never use v-html on user input. Yet, as we integrate Large Language Models (LLMs) into our applications, we often make a fatal mistake: we treat AI output as a trusted source. This is fine. Well, not automatically... Let's look at OWASP LLM05 and how "Improper Output Handling" affects web security. We'll discuss examples of how seemingly safe inputs can trick models, leading to vulnerabilities such as XSS and injection attacks. By the end, you'll learn how to be "professionally pessimistic" about AI. You'll see how to sanitize LLM data, safely render Markdown, and manage AI-generated content. Let's approach technology with caution. I look forward to exploring this with you! ❤️
Topics
- AI Standards
- JavaScript
- Security