Update Cross_Site_Scripting_Prevention_Cheat_Sheet.md (#1484)

* Update Cross_Site_Scripting_Prevention_Cheat_Sheet.md #1480 * Update Cross_Site_Scripting_Prevention_Cheat_Sheet.md
OWASP · Sep 9, 2024 · 46d3fe3 · 46d3fe3
1 parent 41c5efe
commit 46d3fe3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md b/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md
@@ -194,7 +194,7 @@ elem.innerHTML = DOMPurify.sanitize(dangerVar);
 
 **Safe HTML Attributes include:** `align`, `alink`, `alt`, `bgcolor`, `border`, `cellpadding`, `cellspacing`, `class`, `color`, `cols`, `colspan`, `coords`, `dir`, `face`, `height`, `hspace`, `ismap`, `lang`, `marginheight`, `marginwidth`, `multiple`, `nohref`, `noresize`, `noshade`, `nowrap`, `ref`, `rel`, `rev`, `rows`, `rowspan`, `scrolling`, `shape`, `span`, `summary`, `tabindex`, `title`, `usemap`, `valign`, `value`, `vlink`, `vspace`, `width`.
 
-For a comprehensive list, check out the [DOMPurify allowlist](https://github.com/cure53/DOMPurify/blob/main/src/attrs.js)
+For attributes not reported above, ensure that if JavaScript code is provided as a value, it cannot be executed.
 
 ## Other Controls