
I wonder how it handles cases like this:

<sc<script>ript>alert('XSS')</sc</script>ript>

...and other strings from https://github.com/minimaxir/big-list-of-naughty-strings



  > (new Sanitizer()).sanitizeToString(`<sc<script>ript>alert('XSS')</sc</script>ript>`)
  "ript&gt;alert('XSS')ript&gt;"
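
Why the nested-tag string above defeats a one-pass `<script>` filter but not parse-then-serialize sanitizing, as an added JavaScript example that is not part of the thread and not the browser's Sanitizer implementation. `stripOnce`, `tokenize` and `sanitizeToText` are hypothetical helpers; the tokenizer is a simplified model (no attribute quoting, comments or raw-text elements) and it drops every tag, where a real sanitizer keeps the allowed ones.

```javascript
// Added illustration; a simplified model, not the Sanitizer API's code.
const PAYLOAD = "<sc<script>ript>alert('XSS')</sc</script>ript>"; // string from the thread

// Weak filter: delete literal <script> and </script> in a single pass.
// The leftovers on either side of each deletion join into a new tag.
function stripOnce(input) {
  return input.replace(/<\/?script>/gi, "");
}

// Escape text the way an HTML serializer escapes text nodes.
function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Simplified tokenizer: "<" or "</" followed by an ASCII letter opens a tag
// that runs to the next ">", so a "<" inside it is part of the tag, not a
// new tag. Everything else is text.
function tokenize(input) {
  const tokens = [];
  let last = 0;
  for (const m of input.matchAll(/<\/?[a-zA-Z][^>]*>/g)) {
    if (m.index > last) {
      tokens.push({ type: "text", value: input.slice(last, m.index) });
    }
    tokens.push({ type: "tag", value: m[0] });
    last = m.index + m[0].length;
  }
  if (last < input.length) {
    tokens.push({ type: "text", value: input.slice(last) });
  }
  return tokens;
}

// Parse first, drop every tag token, then serialize the remaining text with
// escaping. Text can never turn back into markup, whatever was removed.
function sanitizeToText(input) {
  return tokenize(input)
    .filter((t) => t.type === "text")
    .map((t) => escapeText(t.value))
    .join("");
}

console.log(stripOnce(PAYLOAD));      // one-pass filter output
console.log(sanitizeToText(PAYLOAD)); // parse-then-serialize output
```

The second output matches the string in the console session above: `<sc<script>` is consumed as one unknown tag, and the stray `>` characters survive only as escaped text.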



