An embeddable script that makes source-code snippets in HTML prettier.
rugk opened this issue 4 years ago
If you use untrusted user input, escape it so that it is HTML-escaped (via DOMPurify etc.), and then run prettify over that code, is this safe?
Or may it introduce an XSS risk, given that you prettify the code after inserting/escaping?