@jeffalo /chat may have a few XSS vulnerabilities, but just HTML, no scripting (good job you are good at this)


it’s intended :) it works the same as posts & comments, and is properly sanitized by DOMPurify

ahh ok (makes sense)

time to look at DOMPurify

just wondering, does it allow style or no?
