Tandem-App-Tuni / Kivako-App

This repository contains the application code.

Security improvements #85

Closed EAkkanen closed 3 years ago

EAkkanen commented 3 years ago

DOMPurify cleans potentially malicious HTML out of inputs. Added DOMPurify to pages where a regular user can input data into the DB through a form. These pages are the login page, register page and also the "edit profile" page. DOMPurify is implemented in fields where text input is allowed but not strictly controlled. Not implemented in First/Last Name, because those inputs already go through a thorough check that doesn't allow any special characters for example.
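The split this PR describes, as an added illustration that is not code from the Kivako-App repository: name fields are validated against a strict allow-list and rejected if anything else appears, while free-text fields are sanitized rather than validated. DOMPurify needs a browser DOM, so this stand-alone Node script (Node 14 or newer assumed) injects a plain HTML-escaping function where the app calls `DOMPurify.sanitize()`; the field names, the letters-and-spaces rule and the length caps are assumptions made for the example.

```javascript
// Added example, not from the Kivako-App repository. Shows the pattern the
// PR describes: strictly validated name fields vs. sanitized free-text
// fields. DOMPurify requires a browser DOM, so `escapeHtml` stands in for
// DOMPurify.sanitize() here; field names and rules are assumptions.

// Name fields: allow-list of letters and spaces, 1 to 50 characters.
// Anything else is rejected outright rather than "cleaned", which mirrors the
// PR's thorough check that permits no special characters (rule assumed).
const NAME_PATTERN = /^[\p{L}][\p{L} ]{0,49}$/u;

function validateName(value) {
  return typeof value === 'string' && NAME_PATTERN.test(value.trim());
}

// Free-text fields (a profile description, say) need no HTML at all, so the
// stand-in sanitizer escapes the five HTML-significant characters. In the
// browser build the same slot would hold DOMPurify.sanitize, e.g. with
// { ALLOWED_TAGS: [] } to strip markup entirely.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The sanitizer is injectable: the page passes DOMPurify.sanitize, the server
// or a test passes escapeHtml. Length cap of 500 characters is assumed.
function sanitizeFreeText(value, sanitize = escapeHtml) {
  const trimmed = String(value).trim().slice(0, 500);
  return sanitize(trimmed);
}

// Validate a whole "edit profile" submission and return the cleaned record.
// The same function must run on the server: client-side DOMPurify only
// protects users whose browser actually executed it, while the server stores
// whatever arrives in the request body.
function validateProfileForm(form, sanitize = escapeHtml) {
  const errors = [];
  const clean = {};
  for (const field of ['firstName', 'lastName']) {
    if (!validateName(form[field])) {
      errors.push(`${field}: letters and spaces only, 1-50 characters`);
    } else {
      clean[field] = form[field].trim();
    }
  }
  clean.description = sanitizeFreeText(form.description ?? '', sanitize);
  return { ok: errors.length === 0, errors, clean };
}

// Stand-alone demonstration with constructed sample submissions.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(validateProfileForm({
    firstName: 'Anna', lastName: 'Virtanen', description: 'Hello <i>world</i>',
  }));
  console.log(validateProfileForm({ firstName: 'An<na', lastName: 'V' }));
}
```

Escaping is the right stand-in only because these fields never need to render HTML; where a field must keep some markup, the DOMPurify allow-list parsing this PR adds is the appropriate tool, and the server-side check stays mandatory either way.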