by Doxin
702 days ago
That seems like it's doing a LOT more than what you'd want a sanitizer to do. For HTML you really just want to escape a couple characters with special meaning. You probably can get away with just replacing < and > with their substitution sequences. That way people can still discuss XSS exploits without your sanitizer deleting a bunch of the text they entered on purpose.
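As an added example, not code from Doxin's comment or from the thread: a small JavaScript escaper that follows the comment's approach of encoding special characters rather than deleting user text, shown next to the minimal "< and > only" variant. It goes slightly beyond the comment by also encoding &, " and ' so the same output is safe inside attribute values, not only in text nodes. The function names (`escapeHtml`, `escapeAngleBrackets`, `renderComment`) and the sample comment body are constructed for this illustration.

```javascript
// Added example (not from the comment): output-encode untrusted text for HTML
// instead of stripping it, so a post that discusses an XSS payload is kept
// verbatim and merely rendered as text.

// Characters with special meaning in HTML text and attribute contexts, mapped
// to their character references. One regex pass handles all of them, so an
// already-encoded '&amp;' is never double-encoded by a later step.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Full escaper: safe for element content and for double- or single-quoted
// attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The comment's minimal variant: only < and > are replaced. This keeps tags
// from being created in element content, but it leaves quotes untouched, so it
// is not sufficient when the value ends up inside an attribute.
function escapeAngleBrackets(text) {
  return String(text).replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Render a comment: the author name lands in an attribute, the body in a text
// node. Both go through the full escaper.
function renderComment(author, body) {
  return `<div class="comment" data-author="${escapeHtml(author)}">` +
         `<p>${escapeHtml(body)}</p></div>`;
}

// Constructed sample input: a comment that quotes an XSS payload. The point
// of escaping (rather than sanitizing by deletion) is that this text survives.
const SAMPLE_BODY = 'Tried <script>alert(1)</script> and it was blocked';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderComment('Doxin', SAMPLE_BODY));
}
```

The design choice worth noting is that encoding is lossless: the reader sees exactly what the poster typed, and the browser never parses it as markup, which is why it is preferable to a sanitizer that removes suspicious-looking substrings.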