Ah yes, xss is no concern if server side doing the sanitization, and cors enabled. Correct me if I've missed something