Hello awesome developers! I have a security-related question. I have been storing important information in HTML buttons so that I can retrieve that information when I call an event. I do this by passing the element into the event using the 'this' keyword. Here is an example using EJS.

    <% if (categories.length > 0) { %>
        <table>
            <tr>
                <th>Category</th>
                <th>Description</th>
                <th>Function</th>
            </tr>
            <% categories.forEach(category => { %>
                <tr>
                    <td><%=category.name%></td>
                    <td><%=category.description%></td>
                    <td>
                        <%# Attribute values are quoted so a value containing spaces stays inside its attribute %>
                        <button env="<%=NODE_ENV%>" _id="<%=category._id%>" onclick='deleteCategory(this)'>Delete</button>
                    </td>
                </tr>
            <% }) %>
        </table>
    <% } %>

The button has my category._id attached to it. Is this bad practice and does it pose a security risk?

Thank you so much for your time, I just want to be sure I am doing things in the 'correct' manner.

Jacexecaj
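
An added example, not part of the original post: anything rendered into the button's attributes can be read and edited in the browser, so the id that comes back with the delete request is untrusted input and the server decides whether the delete is allowed. The sketch below shows that server-side check with an in-memory store. The function names, the `ownerId` field, the session user object and the sample ids are all hypothetical, and it assumes `category._id` is a MongoDB-style ObjectId (24 hex characters).

```javascript
// Added example; names and data are hypothetical, not from the original post.
// Assumption: category._id is a MongoDB-style ObjectId (24 hex characters).
const OBJECT_ID = /^[0-9a-f]{24}$/i;

// Constructed sample data standing in for the categories collection.
function makeStore() {
  return new Map([
    ['64b7f0c2a1d3e4f5a6b7c8d9', { name: 'Books', ownerId: 'alice' }],
    ['64b7f0c2a1d3e4f5a6b7c8da', { name: 'Music', ownerId: 'bob' }],
  ]);
}

// Server-side delete logic. rawId is whatever the browser sent back from the
// button's _id attribute; it may have been changed on the client, so it is
// validated and checked against the logged-in user before anything is deleted.
function deleteCategory(store, sessionUser, rawId) {
  // The caller's identity comes from the server-side session, never the page.
  if (!sessionUser) return { status: 401, error: 'not authenticated' };

  // Reject anything that is not a plain id string (objects, arrays, markup).
  if (typeof rawId !== 'string' || !OBJECT_ID.test(rawId)) {
    return { status: 400, error: 'malformed id' };
  }

  const id = rawId.toLowerCase();
  const category = store.get(id);

  // Same answer for "does not exist" and "belongs to someone else", so the
  // response does not reveal which ids are valid.
  if (!category || category.ownerId !== sessionUser.id) {
    return { status: 404, error: 'not found' };
  }

  store.delete(id);
  return { status: 204 };
}
```

With a check like this in place, the id in the markup works only as a lookup key: changing it in the page can at most target another category the same user is already allowed to delete.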