Possible injection because of sanitize cache #34
Description
Basically it's possible to inject dirty html:
const striked = '<strike>test</strike>';
console.log(<div>{striked}</div>);
console.log(<div><strike>test</strike></div>);
console.log(<div>{striked}</div>);This is the output:
<div><strike>test</strike></div>
<div><strike>test</strike></div>
<div><strike>test</strike></div>Expected output:
<div><strike>test</strike></div>
<div><strike>test</strike></div>
<div><strike>test</strike></div>After rendering <div><strike>test</strike></div>, it caches <strike>test</strike> and doesn't sanitize it anymore. It can be seen live here as well. Just because something was rendered before, it shouldn't mean that it's sanitized.