Yaniv-git
Results: 2 comments of Yaniv-git
If the sanitized SVG content is then served via an SVG file (meaning `Content-Type: image/svg+xml`), the sanitization should have only the SVG namespace (example taken from [here](https://github.com/cure53/DOMPurify?tab=readme-ov-file#control-our-allow-lists-and-block-lists)): ``` const clean...
I'm not familiar with the code base but I think there are some simple mitigations such as 1. For the `noscript` element: it might be as simple as changing the...