leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com
Other
5.16k stars 633 forks

Doesn't sanitize "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def</p>" #283

Open LeanKhan opened 11 months ago

LeanKhan commented 11 months ago

This particular HTML snippet would cause the alert to be executed. The library, however, doesn't prevent this.
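Added example (not part of the issue and not js-xss code): a coarse regression check that can be run over sanitizer output. It resolves each URL attribute the way a browser does, decoding character references and dropping tab and newline characters before reading the scheme, and reports any that still resolve to `javascript:`. The helper names, the attribute list and the sample strings are assumptions made for illustration, and the regex scanner is not a full HTML parser.

```javascript
// Added example: helper names and sample strings are constructed for illustration.
const NAMED = new Map([["Tab", "\t"], ["NewLine", "\n"], ["colon", ":"], ["amp", "&"], ["lt", "<"], ["gt", ">"], ["quot", '"']]);
const URL_ATTRS = new Set(["src", "href", "action", "formaction", "data"]);

// Decode character references (small named subset; unknown names are left as-is).
// The trailing ";" is treated as optional, which over-decodes slightly (conservative).
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (whole, body) => {
    if (body[0] === "#") {
      const hex = /^#x/i.test(body);
      const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : whole;
    }
    return NAMED.has(body) ? NAMED.get(body) : whole;
  });
}

// Scheme the URL parser would see: trim C0 controls/space at both ends,
// drop every tab/CR/LF, then read the scheme case-insensitively.
function effectiveScheme(attrValue) {
  const url = decodeEntities(attrValue)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Scan sanitizer OUTPUT for URL attributes that still resolve to javascript:.
// "/" counts as an attribute separator, as in "<iframe//src=...>".
function scriptUrlAttributes(html) {
  const hits = [];
  const tagRe = /<([a-z][a-z0-9]*)([^>]*)>/gi;
  const attrRe = /([^\s\/=>"']+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const [, tag, rest] of html.matchAll(tagRe)) {
    for (const [, name, dq, sq, bare] of rest.matchAll(attrRe)) {
      const value = dq ?? sq ?? bare;
      if (URL_ATTRS.has(name.toLowerCase()) && effectiveScheme(value) === "javascript") {
        hits.push({ tag: tag.toLowerCase(), attr: name.toLowerCase(), value });
      }
    }
  }
  return hits;
}

// Constructed inputs: the issue's snippet passed through unchanged, and with the tag escaped.
const passedThrough = "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def</p>";
const escaped = "<p>abc&lt;iframe//src=jAva&Tab;script:alert(3)&gt;def</p>";
console.log(scriptUrlAttributes(passedThrough));
console.log(scriptUrlAttributes(escaped));
```

In a test suite, feed the sanitizer's actual return value to `scriptUrlAttributes` and fail the test when the result is non-empty.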