Currently, InfiniteScroll allows for external scripts within embedded content.
Would be nice to have a "secure only" mode parameter, which passes all HTML through DOMPurify before calling innerHTML (or ideally right after fetching the new HTML). Additionally, "secure only" mode would not attempt to call refreshScripts() to prevent external scripts from ever loading.
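A sketch of the requested behaviour, added here as an illustration and not taken from InfiniteScroll's code. The helper name `appendFetchedHtml` and its option names are hypothetical; `sanitize` is assumed to be `DOMPurify.sanitize` in a browser and is injected so the policy can be checked without a DOM.

```javascript
// Added example (hypothetical helper, not InfiniteScroll's API).
// opts.secureOnly     - the "secure only" mode proposed in the issue
// opts.sanitize       - assumed to be DOMPurify.sanitize in a browser
// opts.refreshScripts - stand-in for the library's script re-execution step
function appendFetchedHtml(container, html, opts = {}) {
  const { secureOnly = false, sanitize, refreshScripts } = opts;

  if (secureOnly) {
    // Fail closed: secure mode with no sanitizer must never fall back
    // to inserting the raw fetched markup.
    if (typeof sanitize !== 'function') {
      throw new Error('secureOnly requires a sanitize function');
    }
    // Sanitize right after the fetch, before the string reaches any HTML sink.
    const clean = sanitize(html);
    // insertAdjacentHTML is the same kind of sink as innerHTML; only the
    // sanitized string is ever passed to it.
    container.insertAdjacentHTML('beforeend', clean);
    // Deliberately no refreshScripts(): nothing from fetched content is
    // re-created as a live <script> element.
    return { sanitized: true, scriptsRefreshed: false };
  }

  // Existing behaviour described in the issue: raw insert, then script refresh.
  container.insertAdjacentHTML('beforeend', html);
  const canRefresh = typeof refreshScripts === 'function';
  if (canRefresh) refreshScripts(container);
  return { sanitized: false, scriptsRefreshed: canRefresh };
}

// Browser wiring, guarded so the file also loads where no DOM exists.
// '#feed' and '/page/2' are constructed placeholders.
if (typeof document !== 'undefined' && typeof DOMPurify !== 'undefined') {
  fetch('/page/2')
    .then((res) => res.text())
    .then((html) =>
      appendFetchedHtml(document.querySelector('#feed'), html, {
        secureOnly: true,
        sanitize: (h) => DOMPurify.sanitize(h),
      })
    );
}
```

Throwing when `secureOnly` is set but no sanitizer is available keeps a missing or failed DOMPurify load from silently downgrading to the unsanitized path.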