use bullet lists

Author: amirhhashemi

src/routes/solid-start/guides/security.mdx

@@ -11,13 +11,13 @@ However, this protection does not apply when using [`innerHTML`](https://docs.so
 
 To protect your application from XSS attacks:
 
-1. Avoid using [`innerHTML`](/reference/jsx-attributes/innerhtml-or-textcontent#innerhtml-or-textcontent) when possible.
-   If necessary, make sure to sanitize user-supplied data with libraries such as [DOMPurify](https://github.com/cure53/DOMPurify).
-2. Validate and sanitize user inputs.
-   Always validate form inputs on the server in addition to the client.
-3. Set a Content Security Policy (CSP).
-4. Sanitize attributes containing user-supplied data within `<noscript>` elements.
-   This includes both the attributes of the `<noscript>` element itself and its children.
+- Avoid using [`innerHTML`](/reference/jsx-attributes/innerhtml-or-textcontent#innerhtml-or-textcontent) when possible.
+  If necessary, make sure to sanitize user-supplied data with libraries such as [DOMPurify](https://github.com/cure53/DOMPurify).
+- Validate and sanitize user inputs.
+  Always validate form inputs on the server in addition to the client.
+- Set a Content Security Policy (CSP).
+- Sanitize attributes containing user-supplied data within `<noscript>` elements.
+  This includes both the attributes of the `<noscript>` element itself and its children.
 
 We highly recommend reading the [Cross Site Scripting Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) for further guidance.