Express XSS Sanitizer is a personal development by AhmedAdelFahim to clean user input data (in req.body, req.query, req.headers and req.params) to prevent cross-site scripting (XSS) attacks. express XSS Sanitizer A prototype contamination vulnerability exists in versions prior to 1.1.3, which stems from the vulnerability that express-xss-sanitizer is susceptible to prototype contamination via the allowedTags attribute, which can be exploited to bypass xss filtering.