Preventing SQL Injection in Bubble + WYSIWYG Plugin

I assume Bubble prevents against SQL injection in all input fields, etc. Can anyone confirm?

Additionally, with the new Vanilla Rich Text Editor (i.e., WYSIWYG), I confirmed with it’s author that the HTML text is being converted to plain text on the client and then Bubble stores it as plain text. So, I assume this makes the HTML from this plugin also guarded against SQL injection, right?


Can someone from bubble please answer this? I think is crucial to know if we have to do something from our side



1 Like

Seems like this is the only other post on the topic here in the forum.

So I’m going to guess there’s nothing we need to do (like like limiting character types on input fields) in order to prevent SQL injections ?
But XSS might be another topic…

1 Like

@emmanuel @kathleen @grace.hong UP. Think this is important for security purposes

1 Like

Any updates on this?