string-strip-html
revelt opened this issue · comments
Roy Revelt commented
Roy Revelt commented
I decided not to fix, the pattern causes browser's parser to patch it
such things can be attack vectors. Having said that, I'll implement the opts.stripRecognisedHTMLOnly
see #23 so whoever wants strict mild stripping will be able to "tone down" the harshness.