Prendus / prendus-question-elements

Fully embeddable custom HTML elements for questions made with AssessML.
MIT License

Potentially get rid of DOMPurify sanitization #36

Closed lastmjs closed 6 years ago

lastmjs commented 6 years ago

It looks like wysiwyg-e already has sanitization built in... so we might not need to use DOMPurify in addition to the wysiwyg-e sanitization.

lastmjs commented 6 years ago

Actually, that didn't make sense. We need to sanitize the HTML coming from the database. It doesn't necessarily matter if wysiwyg-e already has sanitization built in; we can't just trust HTML coming from the server to be clean.