Vulnerability Disclosure Contact

Sayan751 · April 10, 2019, 7:17am

I have used sanitize-html package (justification: https://www.npmtrends.com/sanitize-html-vs-dompurify) to have a rather simplistic value converter.

import sanitizeHtml = require("sanitize-html");

export class SanitizeHtmlValueConverter {
  public toView(value: string) {
    return !!value ? sanitizeHtml(value) : "";
  }
}

And then used it as

<my-el innerhtml.bind="htmlString|sanitizeHtml"></my-el>

Is this good enough? Or am I missing something?

Topic		Replies	Views
XSS vulnerability in HTMLSanitizer might be insufficiently handled Framework Knowledge	2	1533	May 19, 2021
Plugin for using DOMPurify as Aurelia's HTML sanitizer Framework Knowledge	29	1645	May 22, 2021
Security Concerns in Aurelia	9	2235	November 22, 2017
Where is Aurelia 2's HTMLSanitizer? vNext	7	228	July 3, 2024
Aurelia Plus - A collection of common use case tools for use in Aurelia applications Framework Knowledge	6	1205	January 31, 2018

Vulnerability Disclosure Contact

Related topics