Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
const escaped = custompolicy1.createHTML('<img src=x onerror=alert(1)>');
console.log(escaped instanceof TrustedHTML); // true
el.innerHTML = escaped; // '<img src=x onerror=alert(1)>'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment