weavejester
commented
8 years ago Maybe... It doesn't make a very strong case for that recommendation, but on the other hand I don't see the harm in it, either.
Open danielcompton opened 8 years ago
weavejester
commented
8 years ago Maybe... It doesn't make a very strong case for that recommendation, but on the other hand I don't see the harm in it, either.
OWASP recommend escaping forward slashes as well. Would you be happy to take a PR for this?
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content