Hello,
In a current project, I need to let editors customize a name attribute for an element. It could potentially be a string with whitespace, so I’d rather not .urlize the value.
Is it possible to accommodate readable strings and still prevent JS injection (like onclick="function(console.log('you\'ve been scripted!')))? Not sure what I’m looking for here, possibly a function?