OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Encoding malicious code instead of removing it #298

Open bmscodespace opened 5 months ago

bmscodespace commented 5 months ago

Hi,

is it possible to build a policy that, instead of removing problematic parts of an HTML string, just encodes those parts in such a way that they can do no harm when the string is used in an HTML page? So <script>alert`1`</script> would then be replaced by something like &lt;script&gt;alert`1`&lt;/script&gt;.

Thank you for any answer ;)

p.s. the idea behind my question is that I would like to use a policy that does not know if it deals with a string that will be used as inner HTML or as an "ordinary text field" with no HTML but where we could read a text about the

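The question above comes down to choosing between two different output encodings, and that choice depends on the context the string is rendered into, which a sanitizer policy cannot know. The following is an added example, not code from the issue or from the java-html-sanitizer project: it uses the library's documented `HtmlPolicyBuilder`/`PolicyFactory` API for fields that really hold HTML, and a small hand-written escaper (my own helper, not a library call) for fields that hold plain text. It assumes the `owasp-java-html-sanitizer` artifact is on the classpath; the class name, the `renderForHtml` helper and the `fieldHoldsHtml` flag are illustrative names chosen here.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public final class ContextAwareOutput {

    // Allow-list of inline formatting. Anything not listed (including <script>)
    // is removed by the sanitizer; it is never re-emitted as encoded text.
    private static final PolicyFactory RICH_TEXT_POLICY = new HtmlPolicyBuilder()
            .allowElements("b", "i", "em", "strong", "p", "br")
            .toFactory();

    // Plain-text context: encode every character with HTML meaning so that
    // "<script>" reaches the browser as the literal characters "<script>".
    // Own helper written for this example, not part of java-html-sanitizer.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // The caller must know which kind of field it is rendering (assumed flag);
    // the sanitizer has no way to infer that from the string itself.
    static String renderForHtml(String untrusted, boolean fieldHoldsHtml) {
        return fieldHoldsHtml
                ? RICH_TEXT_POLICY.sanitize(untrusted)
                : escapeHtml(untrusted);
    }

    public static void main(String[] args) {
        // Constructed sample input mixing allowed markup with a script payload.
        String payload = "Hello <b>world</b><script>alert`1`</script>";

        String asHtml = renderForHtml(payload, true);
        String asText = renderForHtml(payload, false);

        System.out.println("rich text : " + asHtml);
        System.out.println("plain text: " + asText);

        // Sanitizing drops the disallowed markup; it does not encode it.
        if (asHtml.contains("<script") || asHtml.contains("&lt;script")) {
            throw new AssertionError("sanitizer should drop, not encode, <script>");
        }
        // Escaping keeps the text verbatim but inert in an HTML context.
        if (!asText.contains("&lt;script&gt;alert`1`&lt;/script&gt;")) {
            throw new AssertionError("escaping should encode the tag");
        }
    }
}
```

Running `renderForHtml` with the flag set to `true` keeps `<b>world</b>` and removes the script element, while `false` yields the encoded form the question asks for. If a single code path has to handle both kinds of field, the safe default is to treat the value as plain text and escape it; only values known to carry HTML should go through the sanitizer policy.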