|
|
|
|
|
|
by evilpie
112 days ago
|
|
|
You aren't reading it right. new Sanitizer({})
This Sanitizer will allow everything by default, but setHTML will still block elements/attributes that can lead to XSS.You might want something like: new Sanitizer({ replaceWithChildrenElements: ["h1"], elements: [], attributes: [] })
This will replace <h1> elements with their children (i.e. text in this case), but disallow all other elements and attributes. |
|
|