I would disagree, at least in the bigger picture. So if you use a really popular framework in kind of a default way and don't fiddle around with anything, I would kind of agree, since they really try to provide security by default and that's a good thing. But if you look at the CVE database, you can find nearly 200 XSS vulernabilities found in 2024. So as soon as you start using dependencies, develop your own stuff etc., you are always in danger of introducing security holes to your software. Using standard software does not make you invulnerable.
None of this works if developer used popular frameworks which handled everything 😂😂😂
I would disagree, at least in the bigger picture. So if you use a really popular framework in kind of a default way and don't fiddle around with anything, I would kind of agree, since they really try to provide security by default and that's a good thing. But if you look at the CVE database, you can find nearly 200 XSS vulernabilities found in 2024. So as soon as you start using dependencies, develop your own stuff etc., you are always in danger of introducing security holes to your software. Using standard software does not make you invulnerable.