[1] はてなダイアリーXSS対策 - はてなダイアリーのヘルプ ( (2013-11-22 08:31:30 +09:00 版)) http://hatenadiary.g.hatena.ne.jp/keyword/%E3%81%AF%E3%81%A6%E3%81%AA%E3%83%80%E3%82%A4%E3%82%A2%E3%83%AA%E3%83%BCXSS%E5%AF%BE%E7%AD%96?kid=247

[2] GitHub Flavored Markdown Spec (2017-05-15 12:05:46 +09:00) https://github.github.com/gfm/#disallowed-raw-html-extension-

[3] Sanitize Untrusted HTML (2016-01-14 21:12:27 +09:00) https://mikewest.github.io/purification/

[4] cure53/DOMPurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: (2017-07-20 23:52:42 +09:00) https://github.com/cure53/DOMPurify

[5] IIIFのHTML

[6] RFP: Sanitizer specification · Issue #106 · mozilla/standards-positions (2018-10-18 13:26:08 +09:00) https://github.com/mozilla/standards-positions/issues/106