Yes, in a way it would do the same job as a sanitizer, but it is more than that. I think that a simple sanitize function could be wrong. A function to disable JS would be the last barrier for an XSS, while a sanitize function would just be another barrier between XSS code and the browser's JS engine, where there could still be something between sanitizing and rendering on the web page if you just have a browser sanitize function. But if the JS engine isn't even enabled, nobody can execute XSS at the last point.

On 4/24/19 5:22 PM, Craig Francis wrote:
> Hi Joris,