Tag
dompurify
Safeguard articles tagged "dompurify" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
React security best practices: stopping XSS, dangerouslySetInnerHTML, and dependency risk
React auto-escapes JSX text by default, but dangerouslySetInnerHTML, href injection, and a 500-package npm worm show where that protection stops.
Jul 11, 20266 min read
Application Security
DOM clobbering: the XSS attack that never runs a script tag
DOM clobbering lets attackers hijack JavaScript logic using pure HTML — no <script> tag required — and it just bypassed DOMPurify's own sanitizer in 2026.
Jul 8, 20266 min read