cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

Question about using DOMPurify for a tricky usecase. #927

Closed yam4office closed 5 months ago

yam4office commented 5 months ago

Hi Team, I have a textarea, and whatever is typed into the textarea gets appended to the end of the head and to the end of the body of the current document. So 95% of the time the input is tag content containing custom logic to be added to the header and footer of the website, so that the end user can whitelabel the website for their use case. An XSS vulnerability has been found in this textarea, because obviously any script entered there is going to be executed when it is added to the header and footer of the page.

The ideal data would be Google Analytics script logic in the header and custom whitelabel content for the footer, so in this use case I am unable to use DOMPurify because I need it to allow
