by _urga
2457 days ago
DOMPurify (as a client-side sanitizer) uses a whitelist. There's also CSP for defense-in-depth. I would be more concerned about using server-side sanitizers due to the impedance mismatch between client/server HTML parsing algorithms.