It depends on what cases you want the tool to handle, also you didn't mention about the target you want to protect, is it the DOM, some backend api or something else?
Generally there are different ways to sanitize data and prevent things like XSS
Example github.com/cure53/DOMPurify
The context is more to have a tool to know if the string contains malicious content
Sanitize will help to protect the app, but I want to be notified if there is a real attack. I want to avoid false positive notifications
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
It depends on what cases you want the tool to handle, also you didn't mention about the target you want to protect, is it the DOM, some backend api or something else?
Generally there are different ways to sanitize data and prevent things like XSS
Example github.com/cure53/DOMPurify
The context is more to have a tool to know if the string contains malicious content
Sanitize will help to protect the app, but I want to be notified if there is a real attack. I want to avoid false positive notifications