Open txau opened 5 months ago
DOMPurify has some restrictions related to ESM. #7206 added sanitize-html, which is lighter and easier to use, to sanitize markdown property inputs from metadata editing and public forms. The pages, however, don't have this control, since it could break the admin-defined pages if some attribute is not specified in the whitelist.
While we have some basic validation for problematic HTML and potential security issues within rich text fields and pages, it would be advisable to rely on something like https://github.com/cure53/DOMPurify.
Derived from: https://github.com/huridocs/uwazi/issues/6894