leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com

With allowCommentTag: true, css tags get escaped #149

Open bindoon opened 5 years ago

bindoon commented 5 years ago
<!-- banner -->
is converted to
&lt;!-- banner --&gt;

which causes <!-- banner --> to be displayed directly

firebear-ssl commented 3 years ago

Indeed, it still gets escaped.