diff --git a/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md b/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md index 2d8474098b..7513d73347 100644 --- a/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md +++ b/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md @@ -194,7 +194,7 @@ elem.innerHTML = DOMPurify.sanitize(dangerVar); **Safe HTML Attributes include:** `align`, `alink`, `alt`, `bgcolor`, `border`, `cellpadding`, `cellspacing`, `class`, `color`, `cols`, `colspan`, `coords`, `dir`, `face`, `height`, `hspace`, `ismap`, `lang`, `marginheight`, `marginwidth`, `multiple`, `nohref`, `noresize`, `noshade`, `nowrap`, `ref`, `rel`, `rev`, `rows`, `rowspan`, `scrolling`, `shape`, `span`, `summary`, `tabindex`, `title`, `usemap`, `valign`, `value`, `vlink`, `vspace`, `width`. -For a comprehensive list, check out the [DOMPurify allowlist](https://github.com/cure53/DOMPurify/blob/main/src/attrs.js) +For attributes not reported above, ensure that if JavaScript code is provided as a value, it cannot be executed. ## Other Controls
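Review bot: The replacement sentence in this hunk ("For attributes not reported above, ensure that if JavaScript code is provided as a value, it cannot be executed.") drops a concrete, maintained reference and replaces it with advice that gives the reader nothing actionable: it does not say how to ensure the value cannot be executed, and "not reported above" reads awkwardly in a cheat sheet that otherwise says "include" and "list". Suggest keeping the DOMPurify allowlist link as the pointer to which attributes are considered safe and phrasing the new guidance in terms a developer can apply, for example: "For attributes not listed above, either reject them or validate their values against an allowlist so that a value containing JavaScript cannot be executed; see the [DOMPurify allowlist](https://github.com/cure53/DOMPurify/blob/main/src/attrs.js) for a comprehensive reference." That keeps the section consistent with the `DOMPurify.sanitize(dangerVar)` example in the hunk's context line, which is the mechanism the page already recommends for enforcing such an allowlist.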