Without sanitize
script won't run, but <script> node stays in DOM
onmouseover and other events still work
styles are contained in shadow dom & they don't leak out
check dirty.svg in a new tab to see how it really is
script won't run, but <script> node stays in DOM
onmouseover and other events still work
styles are contained in shadow dom & they don't leak out
check dirty.svg in a new tab to see how it really is