I'm creating a note app where users can add a note by entering multiline text in a textarea. When I save the note in Firebase it is being saved with newline ( ) characters which I want to visualize.
Therefore, I wrote a filter that replaces these characters with <br />
and that works great.
Though, now I need to render my data using {{{note.content}}}
and a user can inject HTML, CSS, and JS that will be executed.
Should I use something like DOMPurify to validate the content or is there a way to safely render newline characters?