-
This was a library that was brought in for displaying ANSI color codes in the build detail command output. It is currently unused, but was loaded async previously. It seems we could use this for notif…
-
Write a unit test where `se.scrubHTML` takes an HTML element and only returns the text of that element.
-
When editing a text in the text element of an experience world, the customized text is not adopted. However, this only happens if you are in the source code view. It is important that the focus is pre…
-
I've implemented the package like this in my express app:
```js
const { xss } = require('express-xss-sanitizer');
app.use(xss());
```
Unfortunately it doesn't change the user input.
When I for…
-
Hi, I just wondered if sanitize-html will not be a good candidate to replace html-janitor
I say this because:
1) html-janitor has a security issue XSS Note :
This library has not been extens…
-
There are many places that accept v-html input and the input isn't sanitized for xss attacks, we leave this to the user. I think we should remove all the v-html places since we have slots everywhere t…
-
Original [issue 1411](https://code.google.com/p/google-caja/issues/detail?id=1411) created by jasvir on 2011-09-15T18:16:20.000Z:
The docs at http://code.google.com/p/google-caja/wiki/JsHtmlSanitizer…
-
I propose that we do this in Python, not on the client in Javascript.
**Reasoning:**
- Python tools are good, and JS ones not as much
- With a large chunk of markup, client side processing could hur…
-
The sanitiser needs revision. `strip_tags` is used as soon as no `AllowHtml()` is set, which is known to be completely unsuitable for HTML sanitisation, as e.g. individual `<` charac…
-
```
The docs at http://code.google.com/p/google-caja/wiki/JsHtmlSanitizer are
insufficient.
```
Original issue reported on code.google.com by `jas...@gmail.com` on 15 Sep 2011 at 6:16