From d27be83de8083c3e484dad03c52d001375a8d95c Mon Sep 17 00:00:00 2001
From: vhs <97140109+vhscom@users.noreply.github.com>
Date: Sun, 29 May 2022 13:20:40 +0800
Subject: [PATCH] docs: add js-xss to sanitizer warning (#2484)
close: #2482
---
docs/INDEX.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/INDEX.md b/docs/INDEX.md
index d583cdf21a..a9b3af95d8 100644
--- a/docs/INDEX.md
+++ b/docs/INDEX.md
@@ -25,7 +25,7 @@ These documentation pages are also rendered using marked 💯
Usage
-### Warning: 🚨 Marked does not [sanitize](/using_advanced#options) the output HTML. Please use a sanitize library, like [DOMPurify](https://github.com/cure53/DOMPurify) (recommended), [sanitize-html](https://github.com/apostrophecms/sanitize-html) or [insane](https://github.com/bevacqua/insane) on the *output* HTML! 🚨
+### Warning: 🚨 Marked does not [sanitize](/using_advanced#options) the output HTML. If you are processing potentially unsafe strings, it's important to filter for possible XSS attacks. Some filtering options include [DOMPurify](https://github.com/cure53/DOMPurify) (recommended), [js-xss](https://github.com/leizongmin/js-xss), [sanitize-html](https://github.com/apostrophecms/sanitize-html) and [insane](https://github.com/bevacqua/insane) on the *output* HTML! 🚨
```
DOMPurify.sanitize(marked.parse(``));
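Review bot: In the added warning line, the trailing "on the *output* HTML!" no longer attaches to a verb. The removed sentence read "use a sanitize library ... on the *output* HTML", while the new one reads "Some filtering options include ... and insane on the *output* HTML!". This blurs the one instruction a reader must not miss, namely that the sanitizer is applied to the HTML that marked produces rather than to the markdown input, which is the order the DOMPurify.sanitize(marked.parse(...)) context line below it shows. Suggest moving the phrase into the preceding sentence, for example "it's important to filter the *output* HTML for possible XSS attacks. Some filtering options include ...", and ending the list after insane. The conditional "If you are processing potentially unsafe strings" also turns a direct instruction into advice the reader can opt out of, so consider keeping an imperative such as "Please sanitize the *output* HTML" alongside it.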