Closed lisahns closed 1 year ago
with your sanitize function you're only sanitizing the first < that is enterted
<
that means if I type
<<script>alert("I am a hacker")</script>
it will sanitize the first < and the rest will go through as script like this
adding /g to your regex will replace all < tags and then people would not be able to enter js script into your website
with your sanitize function you're only sanitizing the first
<that is entertedthat means if I type
<<script>alert("I am a hacker")</script>it will sanitize the first
<and the rest will go through as script like thisadding /g to your regex will replace all
<tags and then people would not be able to enter js script into your website