I have used escapeHTML4 function in backend to add escape characters to block XSS attack. But i have been assigned requirement that it should be shown as it is to the user.
Basically the requirement is that user should see what user enters even if it might be script for attack.
Is there a way that it can be done?
For example the user enters "'>">img src=x onerror=alert(1)>'
I need to show exactly '>">img src=x onerror=alert(1)>'. I think only possible way is to do something in javascript. But i am unable to find any function capable to convert the output of escaptHTML output back to original one.
