如果不对<pre>， <code>代码块里的标签不做处理,例如可以输入<input>

leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

http://jsxss.com

Other

5.19k stars 630 forks source link

Open wxydigua opened 3 years ago