The function encodeForHTML don't protect against XSS attacks like : <“img src=x onerror=alert(1)> *remove the "
The function encodeForHTML don't protect against XSS attacks like :
<“img src=x onerror=alert(1)>
*remove the "