A modern programming language that makes developers happier.

kotlinlang

How big of a security vulnerability is using Thymeleaf's `th:utext`? I'm trying to render a page using Thymeleaf but there are certain parts of the website which are much easier rendered using `kotlinx.html`. I'd like to inject them using `th:utext` but <https://stackoverflow.com/a/23294426/7060972|this Stackoverflow answer> and a comment underneath it says it's a security vulnerability.

A giant one: you have to avoid getting _any_ user input inside that.
Eg, if user could provide content of the variable, he could just provide `&lt;script&gt; /* arbitrary JS */ &lt;/script&gt;` and do whatever he wanted every time that gets rendered.

Of course, if you prevent user providing input to this variable, it should not be issue. (But of course, think long and hard why you want to do that)

Yeah, understandable. Thank you. What are my other options?

If I want to mix kotlinx.html with let's say Thymeleaf.