DOMPurify is the leading client-side XSS sanitizer for HTML, MathML and SVG.
Examples of sanitization:
DOMPurify.sanitize('<img src=x onerror=alert(1)//>'); // becomes <img src="x">
DOMPurify.sanitize('<svg><g/onload=alert(2)//<p>'); // becomes <svg><g></g></svg>
DOMPurify.sanitize('<p>abc<iframe//src=jAva	script:alert(3)>def</p>'); // becomes <p>abc</p>
DOMPurify.sanitize('<math><mi//xlink:href="data:x,<script>alert(4)</script>">'); // becomes <math><mi></mi></math>
DOMPurify.sanitize('<TABLE><tr><td>HELLO</tr></TABL>'); // becomes <table><tbody><tr><td>HELLO</td></tr></tbody></table>
DOMPurify.sanitize('<UL><li><A HREF=//google.com>click</UL>'); // becomes <ul><li><a href="//google.com">click</a></li></ul>
<?xml-stylesheet > <img src=x onerror="alert('DOMPurify bypassed!!!')"> ?>
<?img ><img src onerror=alert(1)>?>
<![CDATA[ ><img src onerror=alert(1)> ]]>
<math><mtext><h1><a><h6></a></h6><mglyph><svg>
<mtext><style><a title="</style><img src onerror='alert(1)'>"></style></h1>
<form><math><mtext></form><form><mglyph><svg>
<mtext><style><path id="</style><img onerror=alert(\'XSS\') src>">
<math><mtext><table><mglyph><style>
<!--</style><img title="--><img src=1 onerror=alert(1)>">
<math><mtext><table><mglyph><style>
<!--</style><img title="--></mglyph><img	src=1	onerror=alert(1)>">
<form>
<math><mtext>
</form><form>
<mglyph>
<style></math><img src onerror=alert(1)>
<svg></p><style><a id="</style><img src=1 onerror=alert(1)>">