Re: [whatwg/dom] Declarative Shadow DOM (#831)

> I've been reaching out to sanitizer libraries to raise awareness of this issue, and thanks to @cure53, [DOMPurify has already released v2.2.0](https://twitter.com/cure53berlin/status/1318818166303281153) which should mitigate this issue.

Even if all major sanitizer libraries did eventually support this, it's still problematic that there are existing sanitizers that may end up with XSS. We may need to pursue some kind of opt-in mechanism for this so that the existing content that's not actively maintained doesn't get a new XSS vulnerability.

-- 
https://github.com/whatwg/dom/issues/831#issuecomment-714240292

Received on Thursday, 22 October 2020 05:33:45 UTC