```js
fire('pjax:beforeReplace', [container.contents, options], {
  state: pjax.state,
  previousState: previousState
})
context.html(container.contents)
```

The content is injected via context.html, which can potentially introduce XSS vulnerabilities if the response contains unsafe HTML.
Is there a recommended or built-in way to sanitize the content before it's injected, or do we need to implement our own client-side sanitization (e.g., using DOMPurify) outside the library?
Also, are there any plans to include built-in sanitization or hooks for this in future releases?
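
One way to sanitize the response before it reaches `context.html`, as an added example that is not part of the original post or of jquery-pjax. It assumes jQuery, jquery-pjax and DOMPurify are loaded, that pjax forwards its options to `$.ajax` (so jQuery's `dataFilter` setting receives the raw response text), and that the server answers pjax requests with an HTML fragment; `makePjaxDataFilter` and `PJAX_PURIFY_CONFIG` are names made up here.

```javascript
// Added example, not jquery-pjax code. Assumptions: jQuery, jquery-pjax and
// DOMPurify are loaded on the page, and pjax forwards its options to $.ajax,
// so jQuery's `dataFilter` setting sees the raw response text before pjax
// parses it and calls context.html(container.contents).

// Constructed policy: plain HTML only (no SVG/MathML); adjust per application.
const PJAX_PURIFY_CONFIG = { USE_PROFILES: { html: true } };

// Hypothetical helper: builds a jQuery `dataFilter(data, type)` callback that
// runs HTML responses through the given sanitizer (DOMPurify in the browser).
function makePjaxDataFilter(purify, config) {
  return function dataFilter(data, type) {
    // pjax requests dataType "html"; leave any other response type untouched.
    if (type !== 'html' || typeof data !== 'string') return data;
    // Fail closed: where the sanitizer cannot run, hand pjax an empty string
    // instead of the unsanitized markup.
    if (!purify || purify.isSupported === false) return '';
    try {
      return purify.sanitize(data, config);
    } catch (err) {
      console.warn('pjax response dropped, sanitizer failed:', err.message);
      return '';
    }
  };
}

// Browser wiring: later pjax requests inherit the filter from the defaults.
if (typeof jQuery !== 'undefined' && jQuery.pjax && jQuery.pjax.defaults &&
    typeof DOMPurify !== 'undefined') {
  jQuery.pjax.defaults.dataFilter =
    makePjaxDataFilter(DOMPurify, PJAX_PURIFY_CONFIG);
}
```

Filtering the response string, rather than editing `container.contents` in a `pjax:beforeReplace` handler, means the markup is cleaned before any of it is turned into DOM nodes.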