Closed ad1992 closed 2 months ago
@ad1992, thank you for taking the time to submit this PR. However, this library is meant for sanitizing URLs before they get injected into the DOM as part of a link or button, not for HTML or general XSS sanitization.
Please see issues #14 and #5.
We recommend forking the repo if you need these changes added to this library. Thanks!
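The scope distinction drawn in the reply above, as an added example that is not part of the thread and not the library's code: a URL-level scheme check and markup-level encoding are separate layers, and a `<script>` string inside a URL is handled by the second, not the first. The names `safeHref`, `escapeAttr` and `renderLink` are hypothetical.

```javascript
// Added illustration, not the library's code. safeHref, escapeAttr and
// renderLink are hypothetical names; sample URLs in the test are constructed.
const BLOCKED_SCHEMES = new Set(["javascript", "data", "vbscript"]);

// URL-level check: decide whether a value may be used as a link target.
function safeHref(input) {
  if (typeof input !== "string") return "about:blank";
  // URL parsers drop tabs/newlines and leading control characters, so
  // "java\tscript:" still executes. Strip them (and spaces) before testing;
  // this over-blocks slightly, which is the safe direction.
  const probe = input.replace(/[\u0000-\u0020\u007f]/g, "");
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(probe);
  if (scheme && BLOCKED_SCHEMES.has(scheme[1].toLowerCase())) {
    return "about:blank";
  }
  // Angle brackets in a path or query are inert in an href value,
  // so the URL layer leaves them alone.
  return input.trim();
}

// Markup-level encoding: a separate step, needed only when the value is
// written into an HTML string rather than assigned through the DOM API.
function escapeAttr(value) {
  return value.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Both layers applied in order: scheme check first, then output encoding.
function renderLink(url, text) {
  return '<a href="' + escapeAttr(safeHref(url)) + '">' + escapeAttr(text) + "</a>";
}
```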
Currently, it doesn't sanitize the URL by removing script tags, which can lead to XSS as well (e.g. in cases where content is loaded from an external URL in an iframe), hence I have created this PR to fix the same.