Code Room
Code review | Hard | cr-g451
Subject: XSS
Level: Senior–Staff
Time: ~22 min
Common in Security interviews
Industries: Software development

Question

Review this JavaScript rich-text renderer that sanitizes, then re-parses the HTML.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (js)

import DOMPurify from 'dompurify';

function render(container, userHtml) {
  const clean = DOMPurify.sanitize(userHtml);
  // 'Normalize' the markup by round-tripping through a template element
  const tpl = document.createElement('template');
  tpl.innerHTML = clean;
  const normalized = tpl.innerHTML;
  container.innerHTML = normalized;
}
Run or narrate your approach, then ask the coach.
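The renderer above runs the sanitizer first and then serializes and re-parses the result, so the markup the browser finally builds is not the markup DOMPurify inspected. The fix a reviewer should ask for is structural: either never produce a string after sanitizing (have DOMPurify return a DocumentFragment and insert the nodes directly), or, if a string is unavoidable, do every normalization step before the sanitizer and make the sanitizer the last thing that touches the markup. The hardened version below is an added example written for this page, not code from the coaching site or from DOMPurify. The dependency-injection shape (`deps.purifier`, `deps.document`) and the function names `renderAsFragment`, `renderFromString` and `renderInBrowser` are this example's own choices so the same code runs in a browser and under a plain Node test with stand-ins; `RETURN_DOM_FRAGMENT` is a real DOMPurify configuration option.

```javascript
// Added example: hardened rich-text renderer. Not the page's original code.
// `deps.purifier` is a DOMPurify-like object with sanitize(html, config);
// `deps.document` is a Document-like object with createElement(tag).
// Both are injected so the code is testable without a browser.

/**
 * Preferred shape: ask the sanitizer for a DocumentFragment and insert those
 * nodes directly. No serialized string exists after sanitization, so there is
 * no second parse whose DOM could differ from what the sanitizer checked.
 */
function renderAsFragment(container, userHtml, deps) {
  const fragment = deps.purifier.sanitize(userHtml, { RETURN_DOM_FRAGMENT: true });
  container.replaceChildren(fragment); // one insertion, no innerHTML round trip
  return fragment;
}

/**
 * Fallback when a string is required (e.g. the sanitized markup is stored or
 * templated elsewhere): any normalization happens BEFORE sanitization, and the
 * sanitizer's output goes straight into the container. Nothing transforms the
 * markup after the sanitizer has seen it.
 */
function renderFromString(container, userHtml, deps) {
  const tpl = deps.document.createElement('template');
  tpl.innerHTML = userHtml;                             // normalize the untrusted input first
  const normalized = tpl.innerHTML;
  const clean = deps.purifier.sanitize(normalized);     // sanitizer is the last step
  container.innerHTML = clean;                          // single insertion of sanitizer output
  return clean;
}

/**
 * Browser entry point using the real globals. Assumes DOMPurify was loaded
 * onto window (e.g. from a script tag); with a bundler you would import it
 * and pass it in the same way.
 */
function renderInBrowser(container, userHtml) {
  return renderAsFragment(container, userHtml, {
    purifier: window.DOMPurify,
    document: window.document,
  });
}
```

In a review you would point at the ordering in the original (`sanitize` then `template` round trip then `innerHTML`) as the root cause rather than at any single tag or attribute, and propose `renderAsFragment` as the primary fix, with `renderFromString` only where a string output is genuinely required.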