Remix clone Hacker News

new | show | ask | jobs Github

	▲	evilpie 8 hours ago
		You aren't reading it right. `new Sanitizer({})` This Sanitizer will allow everything by default, but setHTML will still block elements/attributes that can lead to XSS. You might want something like: `new Sanitizer({ replaceWithChildrenElements: ["h1"], elements: [], attributes: [] })` This will replace <h1> elements with their children (i.e. text in this case), but disallow all other elements and attributes.