I am using html-sanitizer to clean HTML and prevent XSS injection, although I am facing a problem.
When a user types a character such as &, >, <, "" it gets converted to its equivalent HTML character reference (& --> &amp;, < --> &lt;, and so on).
Here's my code sample. It's very simple; I need to allow those characters and I couldn't find a way to do so:
    let clean = sanitizeHtml(req.body.content, {
      allowedAttributes: {
        span: ["data-*", "class"],
      },
    });
Can anyone provide help or insights?
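
What the conversion described in the question does to typed characters, as an added example that is not part of the original post and does not call the sanitizer library: the helper names (`escapeText`, `renderedText`, `tagTokens`, `trace`) and the sample input are constructed for illustration, and only the four characters the question lists are handled.

```javascript
// Added illustration: helper names and the sample input are constructed.
const ENTITY = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" };
const CHAR = Object.fromEntries(Object.entries(ENTITY).map(([c, e]) => [e, c]));
const TAG = /(<[a-zA-Z\/][^>]*>)/; // something a parser would treat as a tag

// Text written into HTML: characters that could open a tag, close an
// attribute value or start an entity are stored as character references.
function escapeText(text) {
  return text.replace(/[&<>"]/g, (c) => ENTITY[c]);
}

// What an HTML parser yields for a text node: each reference becomes the
// literal character again. One pass only, so "&amp;lt;" reads back as "&lt;".
function renderedText(html) {
  return html.replace(/&(?:amp|lt|gt|quot);/g, (e) => CHAR[e]);
}

// Tag tokens in a fragment. split() with one capture group alternates
// text, tag, text, tag, ... so the odd indices are the tags.
function tagTokens(html) {
  return html.split(TAG).filter((_, i) => i % 2 === 1);
}

// Follows one typed value through storage and display.
function trace(typed) {
  const stored = escapeText(typed);
  const decodedFirst = renderedText(stored); // decoding before HTML insertion
  return {
    stored,
    tagsInStored: tagTokens(stored).length, // markup the browser would act on
    shownToUser: renderedText(stored), // text the page displays
    tagsIfDecodedFirst: tagTokens(decodedFirst).length,
  };
}

const sample = 'a < b && c > d <script>x</script> "q"'; // constructed input
console.log(trace(sample));
```

The stored value contains no tag tokens and is displayed exactly as typed once the browser parses it. Decoding the references back to raw characters before inserting the value into a page makes the tags parseable again.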