DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Hm, hard to fix because the browser itself removes them as they are creating invalid tables. Maybe you can solve it with a hook, but not much we can do here from a core library perspective.
Background & Context
I have an HTML template. In the template, I'd like to create a table of employees, so I have the following code:
We have the template tags {{#employees}} and {{/employees}} surrounding the <tr> element, which means it will loop on the employees and create multiple table rows.
Bug
After sanitization with DOMPurify, the template tags {{#employees}} and {{/employees}} are considered improper child elements of a table, so they are moved out of the <table> element, which breaks the generation of our template.
Input
Given output
Expected output
I expect that the template tags should not be moved.
Feature
Are there any options provided to not move the improper child elements, like the template tags? Thank you so much!
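The relocation described in this issue comes from the HTML parser's foster-parenting rule: non-whitespace text directly inside table, tbody, thead, tfoot or tr is inserted before the table. The following is an added example, not code from the issue or from DOMPurify, that flags Mustache-style tags in those positions before a template reaches a sanitizer; the function name and sample template are assumptions, and it uses a regex tokenizer that expects explicit closing tags.

```javascript
// Added example, not DOMPurify code. Regex tokenizer, not a real HTML parser;
// assumes explicit closing tags.

// Per the HTML parsing rules, non-whitespace text directly inside these
// elements is "foster-parented": the parser inserts it before the <table>.
const TABLE_CONTEXT = new Set(['table', 'tbody', 'thead', 'tfoot', 'tr']);
const VOID = new Set(['br', 'hr', 'img', 'input', 'col', 'wbr']);

// Matches an HTML start/end tag, or a Mustache-style {{...}} tag in text.
// A {{...}} inside an attribute value is consumed as part of the HTML tag.
const TOKEN = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>|\{\{[^}]*\}\}/g;

// Hypothetical helper: returns the template tags the parser would relocate.
function findRelocatedTemplateTags(template) {
  const open = [];       // stack of currently open element names
  const findings = [];
  for (const m of template.matchAll(TOKEN)) {
    if (m[0].startsWith('{{')) {
      const parent = open[open.length - 1];
      if (TABLE_CONTEXT.has(parent)) {
        findings.push({ tag: m[0], parent, index: m.index });
      }
    } else {
      const name = m[2].toLowerCase();
      if (m[1]) {
        // End tag: close everything up to the matching open element.
        const at = open.lastIndexOf(name);
        if (at !== -1) open.length = at;
      } else if (!VOID.has(name)) {
        open.push(name);
      }
    }
  }
  return findings;
}

// Constructed sample in the shape the issue describes (not the reporter's code).
const SAMPLE = [
  '<table>',
  '  {{#employees}}',
  '  <tr><td>{{name}}</td></tr>',
  '  {{/employees}}',
  '</table>',
].join('\n');

for (const f of findRelocatedTemplateTags(SAMPLE)) {
  console.log(`${f.tag} sits directly inside <${f.parent}> and will be moved`);
}
```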