How to saftey sanitize html content before injection in jquery-pajax? #747
Description
HI Everyone,
`fire('pjax:beforeReplace', [container.contents, options], {
state: pjax.state,
previousState: previousState
})
context.html(container.contents)`
The content is injected into context.html, which can potentially introduce XSS vulnerabilities if the response contains unsafe HTML.
Is there a recommended or built-in way to sanitize the content before it's injected, or do we need to implement our own client-side sanitization (e.g., using Dompurify) outside the library?
Also, are there any plans to include built-in sanitization or hooks for this in future releases? thanks