ataylor32 | 4 years ago

I wonder how it handles cases like this:

<sc<script>ript>alert('XSS')</sc</script>ript>

...and other strings from https://github.com/minimaxir/big-list-of-naughty-strings

open-paren | 4 years ago

  > (new Sanitizer()).sanitizeToString(`<sc<script>ript>alert('XSS')</sc</script>ript>`)
  "ript&gt;alert('XSS')ript&gt;"
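
Why the nested string above is a standard test input, as an added example that is not part of the thread and not the Sanitizer API's code: a filter that deletes `<script>` tags in a single pass joins the leftover pieces back into a working tag, while escaping the output, or sanitizing a parsed tree as in the reply above, never gets the chance to. The function names here are hypothetical.

```javascript
// Added illustration. stripOnce, stripUntilStable, escapeHtml and hasScriptTag
// are hypothetical helpers, not part of any real sanitizer library.

// The test string quoted in the thread.
const input = "<sc<script>ript>alert('XSS')</sc</script>ript>";

// Weak: a blocklist filter that deletes <script> and </script> exactly once.
function stripOnce(s) {
  return s.replace(/<\/?script[^>]*>/gi, "");
}

// Less weak: repeat the deletion until the string stops changing.
// Still a blocklist, so it only covers the one tag it knows about.
function stripUntilStable(s) {
  let prev;
  do {
    prev = s;
    s = stripOnce(s);
  } while (s !== prev);
  return s;
}

// Robust for an HTML text context: escape every metacharacter instead of
// trying to recognise dangerous substrings.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Check used below: does the filtered output still contain a script tag?
function hasScriptTag(s) {
  return /<\/?script[^>]*>/i.test(s);
}

console.log("single pass :", stripOnce(input), hasScriptTag(stripOnce(input)));
console.log("until stable:", stripUntilStable(input));
console.log("escaped     :", escapeHtml(input));
```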