zalify / easy-email-editor

Easy Email Editor is a feature-rich, top open-source SaaS email editor based on React and MJML.
https://email.maocanhua.cn/
MIT License
1.68k stars 341 forks

How do you sanitize the JSON saved on the server to prevent XSS attacks? #340

Closed wilau2 closed 1 year ago

wilau2 commented 1 year ago

Recursively looping over the whole object to get all the content fields to pass to DOMPurify?

m-Ryan commented 1 year ago

The more common methods are:

1. Traverse the JSON
2. Convert to MJML or HTML

I would recommend the second. You can use DOMPurify or directly write a regular expression to remove scripts.
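An added example of the first option (traversing the saved JSON), not code from easy-email-editor or from either commenter. The block shape (`type` / `attributes` / `data.value.content` / `children`) is an assumed simplification of the editor's document, and `demoSanitizeHtml` is a stand-in so the file runs without dependencies; in a real service pass `DOMPurify.sanitize` instead, since stripping `<script>` with a regex does not cover event-handler attributes or `javascript:` URLs.

```javascript
// Added example, not part of the easy-email-editor project.
// Walks a saved editor document and sanitizes every string field before
// it is stored. Block shape is an assumed simplification of the real JSON.

// Stand-in sanitizer for a dependency-free demo: replace with
// DOMPurify.sanitize (on Node, via jsdom) in production.
function demoSanitizeHtml(html) {
  return html.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// URL-bearing attributes are bare strings, not HTML, so an HTML sanitizer
// will not inspect them; allow only a small set of schemes and relative paths.
const URL_KEYS = new Set(['href', 'src']);
const SAFE_SCHEME = /^(https?:|mailto:|\/|#)/i;
function sanitizeUrl(value) {
  return SAFE_SCHEME.test(value.trim()) ? value : '';
}

const MAX_DEPTH = 64; // bound recursion on malformed or hostile input

function sanitizeDocument(node, sanitizeHtml = demoSanitizeHtml, depth = 0) {
  if (depth > MAX_DEPTH) throw new Error('document nesting too deep');
  if (Array.isArray(node)) {
    return node.map((child) => sanitizeDocument(child, sanitizeHtml, depth + 1));
  }
  if (node !== null && typeof node === 'object') {
    const out = {};
    for (const [key, value] of Object.entries(node)) {
      if (typeof value === 'string') {
        out[key] = URL_KEYS.has(key) ? sanitizeUrl(value) : sanitizeHtml(value);
      } else {
        out[key] = sanitizeDocument(value, sanitizeHtml, depth + 1);
      }
    }
    return out; // a new object: the caller's input is left untouched
  }
  // Bare strings are sanitized; numbers, booleans and null pass through.
  return typeof node === 'string' ? sanitizeHtml(node) : node;
}

// Constructed sample document (assumed shape) as the editor might save it.
const sampleDocument = {
  type: 'page',
  children: [{
    type: 'text',
    attributes: { href: 'javascript:void(0)' },
    data: { value: { content: '<p>Hello</p><script>alert(1)</script>' } },
  }],
};
```

The second option m-Ryan recommends uses the same idea at a different point: render the document to HTML first and run DOMPurify once over the resulting string.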