camelcaseblog/sanitize-html example.js Secret

## sanitize-html example.js
const sanitizeHtml = require("sanitize-html")

const evilHtml = `
<img
    id="xss-image"
    src="/"
    onerror="d = document;
             c = ('cooki' + 'e').trim();
             qs = 'queryS' + 'elector';
             console.log(d[c]);
             d[qs + 'All']('.top_nlsitem').forEach(n => n.style.backgroundColor = 'green');
             d[qs]('#xss-image').src = 'ht' + 'tps://upload.wikimedia.org/wikipedia/commons/c/ca/1x1.png';"
/>
`

const legitHtml = sanitizeHtml(evilHtml, { allowedTags: "img" })
console.log(legitHtml)

/* Output:
"\n<img src=\"/\" />\n"
*/
	const sanitizeHtml = require("sanitize-html")

	const evilHtml = `
	<img
	id="xss-image"
	src="/"
	onerror="d = document;
	c = ('cooki' + 'e').trim();
	qs = 'queryS' + 'elector';
	console.log(d[c]);
	d[qs + 'All']('.top_nlsitem').forEach(n => n.style.backgroundColor = 'green');
	d[qs]('#xss-image').src = 'ht' + 'tps://upload.wikimedia.org/wikipedia/commons/c/ca/1x1.png';"
	/>
	`

	const legitHtml = sanitizeHtml(evilHtml, { allowedTags: "img" })
	console.log(legitHtml)

	/* Output:
	"\n<img src=\"/\" />\n"
	*/