cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

[QUESTION] "<" and ">" valid on its own #814

Closed. fullyonline closed this 1 year ago

fullyonline commented 1 year ago

I'm so sorry to open up an issue, but I can't figure it out.

Background & Context

On our express server we use 'isomorphic-dompurify', so that we don't have to use 'jsdom'.

isomorphic-dompurify

The output from 'isomorphic-dompurify' is how I would like my output.

code

This is the code and config we use:

```ts
import DOMPurify from 'isomorphic-dompurify';

// Strip every tag but keep the text content of the stripped elements.
const config = { ALLOWED_TAGS: [], KEEP_CONTENT: true };

// Pass null/undefined through untouched; sanitize everything else.
export function sanitizeString(input: string | undefined | null): string | undefined | null {
    return input ? DOMPurify.sanitize(input, config) : input;
}
```

output

```ts
test('test string, with > tag in body', () => {
    expect(sanitizeString(`test string, with > tag in body`)).toEqual('test string, with > tag in body');
});
```

DOMPurify

When I clean the same string with DOMPurify I get a different output.

code

```ts
import DOMPurify from 'dompurify';

// Same configuration as above: no tags allowed, text content kept.
const config = { ALLOWED_TAGS: [], KEEP_CONTENT: true };

export function sanitizeString(input: string | undefined | null): string | undefined | null {
    return input ? DOMPurify.sanitize(input, config) : input;
}
```

output

string used in input field: `test string, with < in body`

result (without the space between '&' and lt;): `test string, with & lt; in body`

Question

How do I get the output from my 'isomorphic-dompurify' example in DOMPurify? We need the "<" and ">" to be in the database, since not all consumers of this data are browsers of some sort.

cure53 commented 1 year ago

Likely no way without using a hook or doing any crazy stunts.

> We need the "<" and ">" to be in the database, since not all consumers of this data are browsers of some sort.

The only way I see would be converting it manually after sanitization - or decoding when outputting.
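The "convert manually after sanitization" route from the reply, as an added example that is neither code from the issue nor part of DOMPurify. It runs without DOMPurify installed: `sanitize` is an assumed injected function standing in for the issue's `DOMPurify.sanitize(input, config)` call, and the decoder only reverses what HTML text serialization produces.

```javascript
// With ALLOWED_TAGS: [] and KEEP_CONTENT: true, DOMPurify hands back the
// serialized text of the parsed markup. Serializing a text node escapes
// exactly four things: "&" -> "&amp;", "<" -> "&lt;", ">" -> "&gt;" and
// U+00A0 -> "&nbsp;". (A string with no "<" at all is never parsed, which is
// why ">" on its own survived in the first test.) Reversing only those four
// yields the plain text the issue wants to store.
const SERIALIZED_TEXT_ENTITIES = { amp: '&', lt: '<', gt: '>', nbsp: '\u00a0' };

function decodeSerializedText(serialized) {
  // Single regex pass: "&amp;lt;" (literal "&lt;" in the original text) becomes
  // "&lt;" and is not decoded again, which chained .replace() calls get wrong.
  return serialized.replace(/&(amp|lt|gt|nbsp);/g, (_, name) => SERIALIZED_TEXT_ENTITIES[name]);
}

// The stored value is plain text, not HTML. A consumer that renders it in a
// browser has to escape it again; this is the inverse of decodeSerializedText().
const HTML_TEXT_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '\u00a0': '&nbsp;' };

function escapeForHtmlText(text) {
  return text.replace(/[&<>\u00a0]/g, (ch) => HTML_TEXT_ESCAPES[ch]);
}

// `sanitize` is injected (assumption) so this file has no dependency; in the
// issue's setup it is: (s) => DOMPurify.sanitize(s, { ALLOWED_TAGS: [], KEEP_CONTENT: true })
function sanitizeToPlainText(input, sanitize) {
  if (input === undefined || input === null) return input;
  return decodeSerializedText(sanitize(input));
}
```

Decoding before storage is only sound because no tags are allowed; with any tag in ALLOWED_TAGS the output is markup, and decoding it would undo the sanitization.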