cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

DOMPurify adjusts HTML option to deactivate #838

Closed Antonio225t closed 1 year ago

Antonio225t commented 1 year ago
DOMPurify.sanitize('<details><summary>Test</summary>'); //Becomes '<details><summary>Test</summary></details>'

Is there a way to deactivate this but still remove <script>, <style>, etc.? Thanks in advance.

Antonio225t commented 1 year ago

Since I didn't find anything on how to deactivate that, I'm building my own sanitizer. Please tell me if there is something that can deactivate this. Thanks in advance.

Antonio225t commented 1 year ago

Ok I switched to js-xss and it works.