wusala01

Results 2 comments of wusala01

You need to decode the URI. There are two globals for that in JS:

- [decodeURI](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURI)
- [decodeURIComponent](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent)

See it in action:

```javascript
const {sanitize} = require('bleach');
const unsafe_uri = 'http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E';
const sanitizeUri...
```

A potential workaround could be this, couldn't it? I am not very experienced with Regex-based DoS, but might this help?

```javascript
html = html.replace(/(?:.|[\r\n])*?/gmi, '');
```

vs.

```javascript
html = html.replace(/(.*?[\r\n])*?(.*?)(.*?[\r\n])*?/gim,...
```