Hacker News
by ataylor32 1870 days ago
I wonder how it handles cases like this:

<sc<script>ript>alert('XSS')</sc</script>ript>

...and other strings from https://github.com/minimaxir/big-list-of-naughty-strings

1 comment

  > (new Sanitizer()).sanitizeToString(`<sc<script>ript>alert('XSS')</sc</script>ript>`)
  "ript&gt;alert('XSS')ript&gt;"