docs: Added better security warning about SAFE_FOR_XML to README
cure53 committed Jun 25, 2024
1 parent fa542df commit 9978cec
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -181,6 +181,9 @@ const clean = DOMPurify.sanitize(dirty, {SAFE_FOR_TEMPLATES: true});


// change how e.g. comments containing risky HTML characters are treated.
// be very careful, this setting should only be set to `false` if you really only handle
// HTML and nothing else, no SVG, MathML or the like.
// Otherwise, changing from `true` to `false` will lead to XSS in this or some other way.
const clean = DOMPurify.sanitize(dirty, {SAFE_FOR_XML: false});
```
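Review bot: The added warning above `DOMPurify.sanitize(dirty, {SAFE_FOR_XML: false})` ends with "will lead to XSS in this or some other way", which is vague, and it only implies through "changing from `true` to `false`" that `true` is the value to keep. Consider saying so directly and stating the condition once, for example "Keep this at `true` unless the input is only ever HTML (no SVG, MathML or the like); setting it to `false` otherwise can lead to XSS." The sample line itself still shows the risky value, so a reader who copies the call without the three comment lines gets `SAFE_FOR_XML: false`; moving the warning into the README prose next to the block, or repeating it as a trailing comment on that line, would keep the caveat attached to the code.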
