javascript marquee xss how to sanitize code example Example: javascript image xss <img src='#' onerror=alert(1) />