XSS in Make Automations: Risks, Tradeoffs, and Fixes
Make is great at moving data between systems. That convenience is exactly why XSS can sneak in so easily. I’ve seen teams assume XSS is only a frontend bug. Then they wire Make into forms, CRMs, CMS tools, Slack, email builders, internal dashboards, and webhook handlers. Suddenly untrusted input is flowing through ten services, getting reformatted three times, and landing in HTML somewhere nobody reviewed carefully. That’s the real problem with XSS in Make automations: Make usually isn’t the final vulnerable layer, but it can absolutely become the delivery mechanism. ...