Ronald
Reputation: 187
Most strict DOMPurify configuration?
I used the default DOMPurify (https://github.com/cure53/DOMPurify/tree/main) configuration for input sanitization in JavaScript, but noticed that tags like "h3" are allowed. I was wondering what the most strict DOMPurify configuration is (to only allow text)? The goal is to prevent XSS.
Upvotes: 1
Views: 187
Answers (0)
Related Questions
- How to install, import and use DOMPurify in frontend js file?
- How can I allow <td> and <tr> tags in DOMPurify?
- Security implication of allowing attributes while sanitising HTML using DOMPurify
- How to Implement DOM Data Binding in JavaScript
- Why use a whitelist for HTML sanitizing?
- HTML Purifier - Change default allowed HTML tags configuration
- ReqEx expression for form validation
- <script> tags - Will leaving/creating a space (< script>) reduce the threat of XSS?
- Using BBCodes...Parse HTML or remove it altogether? (XSS/PHP)