If you use untrusted user input, escape it so that it is HTML-escaped (via DOMPurify etc.), and then run prettify over that code, is this safe? Or may it introduce an XSS risk, in that you prettify the code after inserting/escaping?