TechQA.

sanitizeHtml with marked doesn't render special characters correctly (& is & and then &amp)

78 views Asked by At

I'm trying to render user input using SvelteMarkdown (that uses marked).

The steps are:

  1. user input is sanitized using sanitizeHtml
  2. sanitized user input goes to SvelteMarkdown to be rendered in html

The problem is that it does not render special characters as they should be displayed. It is because they are converted two times.

  1. input "Tom & Jerry"
  2. sanitizeHtml("Tom & Jerry") > "Tom & Jerry" - this is the format that browser needs to render it correctly
  3. SvelteMarkdown("Tom & Jerry") > "Tom & Jerry"

Not sure how to make this work while preserving safety measures. When I don't use sanitizeHtml, many things can go bad, for example <img src='x' onerror='alert("XSS")'> opens alert window after the content is rendered.

What I want to do is to render some characters like "<", ">", "&" etc but still be "safe" as I work with user generated content.

Are there any solutions?

javascript html svelte sanitization javascript-marked
Original Q&A
0

There are 0 answers

Related Questions in JAVASCRIPT

Related Questions in HTML

Related Questions in SVELTE

Related Questions in SANITIZATION

Related Questions in JAVASCRIPT-MARKED

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions