XSS

  <!-- NOTE(review): DOMPurify is the page's XSS defense, so its own delivery matters.
       This tag loads it from a third-party CDN with no Subresource Integrity pin;
       add integrity="sha384-<SRI-HASH-PLACEHOLDER>" crossorigin="anonymous"
       (hash taken from the exact 2.3.0 file) so a tampered CDN copy is refused. -->
  <script src="https://cdn.bootcdn.net/ajax/libs/dompurify/2.3.0/purify.js"></script>
  1. <strong>${DOMPurify.sanitize(data.content[i].mbName)}</strong>
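  // Listener for the nickname input: re-validates on every keystroke, debounced to 100 ms.
  // NOTE(review): `this` is the input element only if debounce() forwards `this`
  // to the wrapped function — confirm against the debounce implementation.
  // DOMPurify here only feeds the emptiness check (a value that sanitizes to nothing
  // counts as empty); the nickname must still be sanitized where it is rendered.
  // NOTE(review): the selector "#emali" may be a typo of "#email" — confirm against the markup.
  document.querySelector("#name").addEventListener("keydown", debounce(function () {
    const content = DOMPurify.sanitize(this.value.trim());
    if (content.length === 0) {
      // Empty (or fully stripped) nickname: show the hint popover and stop.
      $("#name").popover("show");
      return;
    }
    $("#name").popover("hide");
    // The submit button is only styled as ready once the e-mail field also validates.
    if (testEmail($("#emali").val())) {
      document.querySelector("#submit").className = "btn btn_submit_scuess";
    }
  }, 100));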

转义html

  /**
   * Render a Markdown string to HTML that is safe to insert into the page.
   *
   * The Markdown is rendered first (GitHub Flavored Markdown enabled) and the
   * resulting HTML is then passed through DOMPurify, so sanitization happens
   * at output time on the final markup rather than on the raw Markdown.
   *
   * @param {string} markdownText - Raw Markdown supplied by a user.
   * @returns {string} Sanitized HTML string.
   */
  function mdToHtml(markdownText) {
    const renderOptions = { gfm: true };
    const renderedHtml = marked(markdownText, renderOptions);
    return DOMPurify.sanitize(renderedHtml);
  }
  1. ${mdToHtml(data.content[i].mbContent)}