Hacker News new | past | comments | ask | show | jobs | submit login

It wouldn't help if new features extend the capabilities of existing stuff (which is done all the time). For example the CSS Shader example from before adds new syntax to the existing 'filter' css style, which you might've already whitelisted because it is safe today.



I guess a nested, parameter-granularity whitelist would work in that case :)


You can do that with DOMPurify using hooks.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: